Date: Sun, 3 Mar 2013 00:10:38 +0100
From: Jilles Tjoelker
To: Pawel Jakub Dawidek
Cc: Konstantin Belousov, Dag-Erling Smørgrav, freebsd-arch@FreeBSD.org
Subject: Re: bindat(2) and connectat(2) syscalls for review.
Message-ID: <20130302231038.GA70271@stack.nl>

On Sun, Feb 17, 2013 at 03:43:22PM +0100, Pawel Jakub Dawidek wrote:
> But if we are going to do that, it would be nice to have at least one
> useful flag to use in there:)

I have just found a candidate. In a kdump of tmux, there is a
umask/bind/umask sequence. This is because unlike other calls that
create files such as open(), mkdir(), mkfifo() and mknod(), the bind()
function does not have a permissions argument. (symlink() has no
permissions argument but that's because permissions do not matter for
symlinks.)

The umask/bind/umask sequence is not thread-safe.

If the socket is to be accessible for the current user only, a good
workaround is to create the socket in a mode 700 directory and not care
about the permissions of the socket itself. If the socket is to be
accessible for all users, some other filename can be bound, permissions
corrected and then renamed to the expected name. In some cases, these
workarounds may have to be combined.

If we want a cleaner fix for this, it can be done with an extra bindat()
argument, a setsockopt() or wider-ranging changes like a per-thread
umask.

Then again, it is apparently OK that not all filenames are accessible
for binding and connecting sockets, so perhaps this is also OK. Some of
these umask problems are shared with all other calls that create files.

-- 
Jilles Tjoelker
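
The combined workaround described in the message above (bind under another name inside a mode 700 directory, correct the permissions, then rename to the expected name), as an added C example that is not part of the original e-mail. The helper names `bind_unix_mode` and `path_mode` and the staging-directory naming are assumptions made for illustration.

```c
/* Added example (not from the original thread): bind an AF_UNIX socket with
 * chosen permissions without touching the process-wide umask. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: returns a bound fd with `path` at `mode`, or -1. */
int bind_unix_mode(const char *path, mode_t mode)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    char dir[sizeof(sa.sun_path)];
    int fd;

    /* Staging directory beside the final name, so rename() stays on one
     * file system. mkdtemp() creates it with mode 0700 at most. */
    if (snprintf(dir, sizeof(dir), "%s.XXXXXX", path) >= (int)sizeof(dir) - 2)
        return -1;                      /* no room left for "/s" */
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/s", dir);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        goto fail_dir;
    /* The socket is created with 0777 & ~umask, but other users cannot
     * traverse the 0700 directory to reach it. */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        goto fail_fd;
    /* Correct the permissions, then publish under the expected name. */
    if (chmod(sa.sun_path, mode) < 0 || rename(sa.sun_path, path) < 0) {
        unlink(sa.sun_path);
        goto fail_fd;
    }
    rmdir(dir);
    return fd;
fail_fd:
    close(fd);
fail_dir:
    rmdir(dir);
    return -1;
}

/* Permission bits of `path`, or -1 if it cannot be stat()ed. */
int path_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}
```

Clients connect to the final path as usual; `getsockname()` on the returned descriptor still reports the staging path, because the address is recorded at bind time.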