mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-12 10:54:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

create IPC sockets with wide-open permissions (0222 might suffice; ITS#4709)

Browse Source
This commit is contained in:
Pierangelo Masarati 2006-10-14 17:35:50 +00:00
parent f449ee6500
commit 59e60483fa
1 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
servers/slapd/daemon.c
View File

@ -1310,24 +1310,39 @@ slap_open_listener(
#ifdef LOCAL_CREDS #ifdef LOCAL_CREDS
{ {
int one = 1; int one = 1;
setsockopt(l.sl_sd, 0, LOCAL_CREDS, &one, sizeof one); setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) );
} }
#endif /* LOCAL_CREDS */ #endif /* LOCAL_CREDS */
addrlen = sizeof(struct sockaddr_un);
addrlen = sizeof( struct sockaddr_un );
/* create socket with all permissions set for those systems
* that honor permissions on sockets (e.g. Linux); typically,
* only write is required. To exploit filesystem permissions,
* place the socket in a directory and use directory's
* permissions. Need write perms to the directory to
* create/unlink the socket; likely need exec perms to access
* the socket */
{
mode_t old_umask;
old_umask = umask( 0 );
rc = bind( l.sl_sd, *sal, addrlen );
umask( old_umask );
if ( rc ) {
err = sock_errno();
Debug( LDAP_DEBUG_ANY,
"daemon: bind(%ld) failed errno=%d (%s)\n",
(long)l.sl_sd, err, sock_errstr( err ) );
tcp_close( l.sl_sd );
sal++;
continue;
}
}
break; break;
#endif /* LDAP_PF_LOCAL */ #endif /* LDAP_PF_LOCAL */
} }
if (bind(l.sl_sd, *sal, addrlen)) {
err = sock_errno();
Debug( LDAP_DEBUG_ANY,
"daemon: bind(%ld) failed errno=%d (%s)\n",
(long) l.sl_sd, err, sock_errstr(err) );
tcp_close( l.sl_sd );
sal++;
continue;
}
switch ( (*sal)->sa_family ) { switch ( (*sal)->sa_family ) {
#ifdef LDAP_PF_LOCAL #ifdef LDAP_PF_LOCAL
case AF_LOCAL: { case AF_LOCAL: {