Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-16086

Should not open the Unix Domain Socket if the chmod fails.

    • Minor Change
    • ALL

      The change for SERVER-13022 allows the user to specify the permissions that should be set on the Unix Domain Socket. This allows users to ensure that the socket can only be used by allowed users.

      Currently, if the chmod fails the server still opens the socket for incoming connections. Since the permissions on the socket are now indeterminate this could expose the process to users on the system that would not normally have access.

      I think the code should be changed to only open the socket if the chmod succeeds.

      If the chmod fails the server should attempt to remove the socket file (since it created it) and update the logged warning to indicate that the socket will not be opened.

      Rob.

            Assignee:
            david.hows David Hows
            Reporter:
            robert.j.moore@allanbank.com Robert Moore
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: