Unix Programming - Re: Subject: Server can't write to the TCP socket it has created


Author Re: Subject: Server can't write to the TCP socket it has created
Fletcher Glenn

2004-04-20, 12:35 pm



Sunny Suen wrote:
> Hi all,
> Don't know if these are the results of a standard security mechanism
> or configurable option in FreeBSD 4.6. Here are the findings:
>
> * A server process can bind, listen, accept and even read from a TCP
> socket, created by socket(AF_INET, SOCK_STREAM, 0).
>
> * But it is not permitted to write to the socket as the system call
> returns errno = EACCES/13, quoting "Permission denied".
>
> * The error occurs only when the client runs on a remote host. It
> works fine for local TCP clients.
>
> * The server process is run as non-root. fstat() reveals that the
> socket has the owner's write permission bit (S_IWUSR) enabled.
>
> * mSQL 2.0.4 daemon and a home-grown TCP/IP echo program are used as
> examples of the said server process.
>
> * No shutdown() call is ever invoked by the mSQL daemon (according to
> ktrace) or my echo program to make the socket read-only.
>
> Can someone tell me if such observations are expected from a hardened
> FreeBSD 4.6 system, or they are rather symptoms of an ill-behaved
> environment? If the latter is the case, any workaround or fix
> available?
>
> Thanx


Why would you ever write to a listen socket? Who would be the receiver
of the message? When you do an accept(), you get a communications
endpoint that is connected to another program. A bound listen socket
is connected to no one.

--

Fletcher Glenn
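
Added example, not part of the original thread: a loopback-only C program showing the distinction the reply draws, where a write on the listening socket fails (ENOTCONN on BSD-derived systems, EPIPE on Linux) while a write on the descriptor returned by accept() reaches the client. The names listen_vs_accepted and struct result are made up for this illustration, and it does not reproduce the EACCES from the question.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct result { int listen_errno; ssize_t accepted_sent, client_got; };

/* Loopback-only demo; returns 0 if the sockets could be set up, -1 otherwise. */
int listen_vs_accepted(struct result *r)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    char buf[16];
    int rc = -1, afd = -1;
    signal(SIGPIPE, SIG_IGN);   /* Linux raises SIGPIPE on the failing write */
    int lfd = socket(AF_INET, SOCK_STREAM, 0);   /* listening socket */
    int cfd = socket(AF_INET, SOCK_STREAM, 0);   /* client socket */
    if (lfd < 0 || cfd < 0) goto out;
    memset(&a, 0, sizeof a);    /* sin_port stays 0: kernel picks a free port */
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(lfd, (struct sockaddr *)&a, sizeof a) < 0 || listen(lfd, 1) < 0) goto out;
    if (getsockname(lfd, (struct sockaddr *)&a, &len) < 0) goto out;
    if (connect(cfd, (struct sockaddr *)&a, sizeof a) < 0) goto out;
    if ((afd = accept(lfd, NULL, NULL)) < 0) goto out;

    /* The listening socket has no peer, so this write fails. */
    r->listen_errno = write(lfd, "hello", 5) < 0 ? errno : 0;
    /* The descriptor accept() returned is the connected endpoint. */
    r->accepted_sent = write(afd, "hello", 5);
    r->client_got = read(cfd, buf, sizeof buf);
    rc = 0;
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void)
{
    struct result r;
    if (listen_vs_accepted(&r) != 0) { perror("setup"); return 1; }
    printf("listen socket write: %s; accepted socket: sent %zd, client read %zd\n",
           strerror(r.listen_errno), r.accepted_sent, r.client_got);
    return 0;
}
```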


Copyright 2003 - 2008 webservertalk.com