Mailing List Archive


Re: jserver socket permissions



>>>>> "Paul" == Paul Gampe <paulg@example.com> writes:

    Paul> On Mon, 13 Jan 1997, Craig Oda wrote:
    craig> Jserver then automatically creates a socket in /tmp.
    craig> 
    craig> srwxr-xr-x 1 root root 0 Jan 13 22:32 jd_sockV4=
    craig> 
    craig> As can be seen from the permissions above, only root can
    craig> write to the socket.  I can solve this by changing the
    craig> permissions to 1777.  However, I was wondering if this was
    craig> a security problem or not.

I assume that the operational problem is that nobody but root can talk 
to the jserver?

    Paul> Yes it could be a security problem, depending on what the
    Paul> uid of the jserver process is.

Well, jserver should be running as a non-privileged user named 'wnn',
group 'bin', if I understand it correctly.  I run Canna myself; Canna
in the default configuration runs as user 'bin', group 'bin'.  Canna
_does_ set its Unix-domain socket's mode to 0777.  (Where did the
sticky bit come from?)  The port is 5680, in contrast to Wnn which
likes to use a privileged port, I think: it's 601 on the University's
Sun system.  I think Wnn is generally more security conscious than
Canna, though.

The purpose of this is to protect the dictionary files, as I
understand it.  I don't really see what the "security problem" is,
since to take advantage of the security problem you need to subvert
jserver in any case (the socket only talks to jserver), and if you can
do that....

You can of course sabotage the server by deleting the socket or
something like that, but I assume that's not what you have in mind.

    craig> I'm planning If the permissions are automatically set to
    craig> 1755, it must be a problem for other people too, right?

JE has been replete with permission problems in my experience.
However, this has been on library files (eg, the font installation
procedures for kon), where I suspect the proper switches to tar to
preserve permissions weren't used.  This looks to me like a problem
with the umask.  Whether it's a Wnn bug or a configuration problem I
don't know (I'm a bit hazy on how umasks get set for daemon
processes), but it's probably a bug.  (Canna explicitly sets the umask
to 0 (temporarily) before creating the Unix-domain socket.)

Steve

-- 
                            Stephen J. Turnbull
Institute of Policy and Planning Sciences                    Yaseppochi-Gumi
University of Tsukuba                      http://turnbull.sk.tsukuba.ac.jp/
Tel: +81 (298) 53-5091;  Fax: 55-3849              turnbull@example.com