On Sat, Feb 12, 2011 at 1:56 PM, Otto Moerbeek <o...@drijf.net> wrote:
> On Sat, Feb 12, 2011 at 12:53:47PM -0500, Eric wrote:
>
>> On Sat, Feb 12, 2011 at 12:00 PM, Ted Unangst <ted.unan...@gmail.com> wrote:
>> > On Sat, Feb 12, 2011 at 9:49 AM, Eric <airu...@gmail.com> wrote:
>> >> I'm making some modifications to syslogd/syslog so that I can control access
>> >> to log sockets and have a set of high integrity log files that didn't receive logs
>> >> from world-writable log sockets.  Briefly, this means:
>> >
>> > It means you put the socket into a directory with the appropriate
>> > permissions.  Sockets don't have permissions.
>> >
>>
>> I just tested it: sockets have permissions on OpenBSD and they are enforced.
>
> Yes, originally permissions on sockets were not enforced. But creating
> a socket and setting permissions on it is still subject to race
> conditions. So in practice you'll need dirs.
>
>        -Otto
>

Syslogd already uses socket permissions to protect its control socket:

        if (ctlsock_path != NULL) {
                fd = unix_socket(ctlsock_path, SOCK_STREAM, 0600);
                if (fd != -1) {

Should I patch it so that the control socket is placed in a directory
with appropriate permissions?
