Re-reading the comments here, there are a few loose ends:
- First, if we decide to go the route of creating a new directory for the socket, the directory should be created with restricted permissions (see mkdir(2)) rather than creating the directory and then setting the directory's permissions to be restrictive. I'm sorry I missed this point earlier.
- Second, I did entirely overlook the abstract (unix domain address?) sockets; the patches here were all for unix domain sockets with apparently filesystem names. Are there more sockets that need further constraints on their use?
Thanks
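To make the first point concrete, here is an added example (not part of this thread's patches, and not the project's code) of creating a socket directory with the mode passed to mkdir(2) so that the restrictive permissions apply at creation time, rather than mkdir followed by chmod, which leaves a window in which the directory is briefly accessible to others. It goes a little beyond the comment above: when the directory already exists it also verifies that it is a real directory, owned by the current effective user, and not group/other accessible, before a socket is bound inside it. The directory path, socket name and `/tmp` prefix used by `main` are assumptions for illustration. Note that this protects only filesystem-named unix sockets; Linux abstract-namespace sockets (a leading NUL in `sun_path`) have no filesystem node and therefore bypass directory permissions entirely, which is the second loose end.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Create (or reuse) a private directory for a unix domain socket.
 * Returns 0 on success, -1 on failure with errno set. */
int create_private_socket_dir(const char *dir)
{
    /* mkdir(2) applies the mode atomically at creation: there is no window
     * during which the directory exists with default (wider) permissions. */
    if (mkdir(dir, S_IRWXU) == 0)
        return 0;
    if (errno != EEXIST)
        return -1;

    /* The directory already existed: check it before trusting it. */
    struct stat st;
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode)) {          /* a file or symlink planted at that path */
        errno = ENOTDIR;
        return -1;
    }
    if (st.st_uid != geteuid()) {        /* somebody else created it first */
        errno = EACCES;
        return -1;
    }
    if (st.st_mode & (S_IRWXG | S_IRWXO)) { /* permissions were loosened */
        errno = EACCES;
        return -1;
    }
    return 0;
}

/* Bind and listen on a filesystem-named unix socket at dir/name.
 * Returns the listening fd, or -1 with errno set. */
int bind_private_socket(const char *dir, const char *name)
{
    struct sockaddr_un addr;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    int n = snprintf(addr.sun_path, sizeof addr.sun_path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof addr.sun_path) {
        errno = ENAMETOOLONG;
        return -1;
    }

    if (create_private_socket_dir(dir) != 0)
        return -1;

    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    /* Remove a stale socket from an earlier run. The directory is owner-only
     * and was just verified, so nobody else can have placed an entry here. */
    unlink(addr.sun_path);

    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 || listen(fd, 8) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Assumed demo location: a fresh private parent under /tmp. */
    char parent[] = "/tmp/sockdemoXXXXXX";
    if (mkdtemp(parent) == NULL) {
        perror("mkdtemp");
        return 1;
    }
    char dir[128];
    snprintf(dir, sizeof dir, "%s/run", parent);

    int fd = bind_private_socket(dir, "ctl.sock");
    if (fd < 0) {
        perror("bind_private_socket");
        return 1;
    }
    printf("listening on %s/ctl.sock (directory mode 0700)\n", dir);
    close(fd);
    return 0;
}
```

The check on the EEXIST path matters as much as the mode argument: if the directory is created with `mkdir(dir, 0700)` but a later run silently reuses a directory someone else created, or one whose mode was widened, the original protection is lost.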