Re: [Slightly OT] - Socket Security

From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 05/14/04


Date: Thu, 13 May 2004 19:42:45 -0400

In article <slrnca7vjr.9gp.spamtotrash@doom.unix-guy.com>,
 spamtotrash@toomuchfiction.com (Kevin Collins) wrote:

> I know this is not necessarily the best forum for this, but I trust the
> knowledge of most of the folks here :)

We're better than the folks in comp.unix.questions, comp.unix.admin, and
comp.unix.internals? I suspect it's mostly the same people, so why do
you trust us more in this group? And it makes it harder for others who
might want to search for answers in the future -- they're unlikely to
search this group for this topic.

>
> I am working on a security project identifying, tracking and reporting on
> world-writable files on all of our systems. I have a fairly sophisticated
> filtering system which can ignore (for example) files in a directory with the
> sticky-bit set, temp directories (/tmp, /var/tmp), etc.
>
> My trouble comes in where sockets are concerned - do I need to worry about
> what the security bits are on a socket? What are the issues if a socket is
> world-writable? I suspect there is some security issue because there are
> applications that have a special, sticky-bit directory where all sockets are
> written.

I think most versions of Unix ignore the permissions on Unix domain
sockets.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
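
An added example, not part of the thread: a small Python audit in the spirit of the filter the original poster describes. It skips world-writable entries inside sticky-bit directories but always reports sockets in their own category, together with whether the containing directory is searchable by others, because directory permissions gate access to a pathname socket however a given Unix treats the socket's own mode bits. The function names, category labels and sample tree are constructed for illustration.

```python
import os, socket, stat, tempfile

def audit(root):
    """Return sorted (relative path, kind) for world-writable entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        sticky = bool(dmode & stat.S_ISVTX)
        searchable = bool(dmode & stat.S_IXOTH)  # immediate parent only
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode) or not mode & stat.S_IWOTH:
                continue  # symlink mode bits are not meaningful
            if stat.S_ISSOCK(mode):
                # Never filtered: reported with the parent directory's o+x state.
                kind = "socket-open-dir" if searchable else "socket-closed-dir"
            elif sticky:
                continue  # filter from the post: entry lives in a sticky-bit dir
            elif stat.S_ISDIR(mode):
                kind = "dir-sticky" if mode & stat.S_ISVTX else "dir"
            else:
                kind = "file"
            findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"open": 0o755, "private": 0o700, "spool": 0o1777}
        for d in layout:
            os.mkdir(os.path.join(root, d))
        for rel in ("open/data.txt", "spool/job.tmp"):
            open(os.path.join(root, rel), "w").close()
            os.chmod(os.path.join(root, rel), 0o666)
        for rel in ("open/a.sock", "private/b.sock", "spool/c.sock"):
            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            s.bind(os.path.join(root, rel))  # creates the socket file
            s.close()                        # the file stays on disk
            os.chmod(os.path.join(root, rel), 0o777)
        for d, mode in layout.items():
            os.chmod(os.path.join(root, d), mode)  # set explicitly, ignoring umask
        return audit(root)

if __name__ == "__main__":
    for rel, kind in demo():
        print(f"{kind:18} {rel}")
```
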

