Date: Tue, 09 Sep 1997 00:23:54 +0100
From: Brian Somers <brian@awfulhak.org>
To: Tom <tom@sdf.com>
Cc: Brian Somers <brian@awfulhak.org>, freebsd-stable@FreeBSD.ORG
Subject: Re: unix domain sockets in 2.2-stable
Message-ID: <199709082323.AAA06597@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Mon, 08 Sep 1997 14:18:30 PDT." <Pine.BSF.3.95q.970908141342.23740A-100000@misery.sdf.com>

>
> On Mon, 8 Sep 1997, Brian Somers wrote:
>
> > >
> > > I use Cyrus for handling a local mail store. It uses a special pwcheck
> > > daemon to check passwords as non-root users can't read the encrypted
> > > password field. The Cyrus imap and pop servers talk to pwcheck on a unix
> > > domain socket at /var/pwcheck/pwcheck
> > >
> > > This all worked well up to a 2.2-stable kernel from Aug 31. My
> > > previous 2.2-stable kernel from Jul 19 still works. If I boot the Aug
> > > 31 kernel, cyrus isn't able to connect to the pwcheck daemon, and if I
> > > boot to the older Jul 19 kernel cyrus works fine.
> > >
> > > The connect() call in the following segment of code fails on Aug 31
> > > kernels, and works on Jul 19 kernels and earlier (code is taken from
> > > unix_unix_pwcheck.c from Cyrus 1.5.2).
> > >
> > >     memset((char *)&srvaddr, 0, sizeof(srvaddr));
> > >     srvaddr.sun_family = AF_UNIX;
> > >     strcpy(srvaddr.sun_path, STATEDIR);
> > >     strcat(srvaddr.sun_path, "/pwcheck/pwcheck");
> > >     r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr));
> > >     if (r == -1) {
> > >         *reply = "cannot connect to pwcheck server";
> > >         return 1;
> > >     }
> > >
> > >
> > > Does anyone have any idea on what has changed as far as unix domain
> > > sockets in 2.2-stable lately? I've looked at the commit logs, and I
> > > don't see anything that stands out.
> >
> > There are no problems with local sockets and ppp. I've just checked
> > a RELENG_2_2 system built on September 1. Try running ppp in auto
> > mode with a "set server /my/local/socket" in the config (you don't
> > have to actually connect to anything), and then run "pppctl -p xxxx
> > /my/local/socket show ipcp".... works ok.
> >
> > I'd suggest a rebuild of your system.
>
> I already rebuilt my system before sending this.
>
> I found out what is happening. The group and other permissions on unix
> sockets are ignored. In my case the pwcheck daemon runs as root, and
> therefore the socket is owned by root. However, the cyrus daemons can't
> open the socket because it seems that the other bits (I have r-x
> set) are ignored, and the cyrus daemons run as the cyrus user. If I chown
> the socket after pwcheck opens it, to the cyrus user, everything works ok.
>
> This new behaviour is now very linux-like.

Sounds like you've got a dodgy umask. The bind() that creates the
local socket looks at your umask. The only way to choose your
permissions at bind() time is to get the umask correct.

Take a look at /usr/src/usr.sbin/ppp/server.c - it does and undoes a
umask() around the bind() call to overcome this.

I wasn't aware that this behaviour has changed, but that doesn't mean
much :-I

>
> Tom
>
--
Brian <brian@awfulhak.org>, <brian@freebsd.org>
<http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour....
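
The umask()-around-bind() approach described in the reply above, as an added example that is not part of the original message and is not the code from ppp's server.c. The function names, the /tmp scratch directory and the socket name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a unix domain socket at path with exactly the bits in mode; -1 on error. */
int bind_local_socket(const char *path, mode_t mode)
{
    struct sockaddr_un addr;
    mode_t old;
    int fd, r;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;                   /* path would not fit in sun_path */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);     /* length checked above */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        return -1;
    old = umask(~mode & 0777);       /* mask off every bit we do not want */
    r = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);                      /* undo: restore the caller's umask */
    if (r == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: bind in a private scratch dir, return the socket's mode bits. */
int demo_socket_mode(mode_t mode)
{
    char dir[64], path[96];
    struct stat st;
    int fd, result = -1;
    snprintf(dir, sizeof(dir), "/tmp/sockdemo.%ld", (long)getpid());
    if (mkdir(dir, 0700) == -1)      /* fails if the name already exists */
        return -1;
    snprintf(path, sizeof(path), "%s/pwcheck", dir);
    if ((fd = bind_local_socket(path, mode)) != -1) {
        if (stat(path, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}
```

umask() is process-wide, so a threaded daemon should bind before starting threads. On systems that enforce socket file permissions, connect() needs write permission on the socket, so a mode such as 0660 with a shared group is what lets a non-root client in.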
