-
Type: Bug
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Minor Change
-
ALL
The change for SERVER-13022 allows the user to specify the permissions that should be set on the Unix Domain Socket. This allows users to ensure that the socket can only be used by allowed users.
Currently, if the chmod fails the server still opens the socket for incoming connections. Since the permissions on the socket are now indeterminate this could expose the process to users on the system that would not normally have access.
I think the code should be changed to only open the socket if the chmod succeeds.
If the chmod fails the server should attempt to remove the socket file (since it created it) and update the logged warning to indicate that the socket will not be opened.
Rob.
- depends on
-
SERVER-13022 AF_UNIX socket file should not force a default mode of 0777.
- Closed
- links to