There are at least two fundamental problems with placing the hugetlbd
socket in /tmp.  First, it could be deleted at any time by a /tmp
reaping daemon.  Second, the lax permissions of /tmp could allow an
unprivileged application to impersonate the daemon by commandeering the
socket file.  Move the socket to /var/run to avoid this problem.  Note
that on most systems, hugetlbd will need to be run as root in order to
create the socket in the more secure /var/run directory.  

Signed-off-by: Adam Litke <[EMAIL PROTECTED]>

diff -purN libhugetlbfs-dev-20061026.orig/hugetlbd.c 
libhugetlbfs-dev-20061026/hugetlbd.c
--- libhugetlbfs-dev-20061026.orig/hugetlbd.c   2006-10-26 15:57:34.000000000 
+0000
+++ libhugetlbfs-dev-20061026/hugetlbd.c        2006-10-26 20:33:26.000000000 
+0000
@@ -846,15 +846,15 @@ int main(int argc, char *argv[])
 
        sun.sun_family = AF_UNIX;
        /* clear out any previous socket */
-       unlink("/tmp/libhugetlbfs-sock");
-       strcpy(sun.sun_path, "/tmp/libhugetlbfs-sock");
+       unlink(SOCKFILE);
+       strcpy(sun.sun_path, SOCKFILE);
        ret = bind(sock, (struct sockaddr *)(&sun), sizeof(sun));
        if (ret < 0) {
                ERROR("bind() failed: %s\n", strerror(errno));
                goto die;
        }
 
-       chmod("/tmp/libhugetlbfs-sock", 0666);
+       chmod(SOCKFILE, 0666);
 
        ret = listen(sock, QUEUE_LENGTH);
        if (ret < 0) {
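Review bot: The result of chmod(SOCKFILE, 0666) after bind() is ignored; if it fails, the socket keeps the permissions bind() gave it, clients may be unable to connect, and nothing is logged. Check the return value and report it with ERROR() the same way the bind() failure is handled. The unlink(SOCKFILE) call is also unchecked, and any errno other than ENOENT is worth logging there. A short comment explaining why 0666 is intended would help, since the commit message says the daemon will normally run as root and this mode lets every local user connect to it.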
diff -purN libhugetlbfs-dev-20061026.orig/hugetlbd.h 
libhugetlbfs-dev-20061026/hugetlbd.h
--- libhugetlbfs-dev-20061026.orig/hugetlbd.h   2006-10-26 15:57:34.000000000 
+0000
+++ libhugetlbfs-dev-20061026/hugetlbd.h        2006-10-26 19:08:23.000000000 
+0000
@@ -26,6 +26,7 @@
 
 #define ID_KEY 0x56
 #define LOGFILE "/tmp/hugetlbd.log"
+#define SOCKFILE "/var/run/libhugetlbfs-sock"
 
 /*
  * Ideally, would like to deal with this better, so that a 32-bit daemon
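Review bot: The context line directly above the new define still has LOGFILE at "/tmp/hugetlbd.log", so the daemon keeps writing to a predictable name in a world-writable, reaped directory, which is the concern this patch raises for the socket, and the commit message says the daemon will now usually run as root. Suggest moving LOGFILE out of /tmp in this patch or a follow-up, and adding a one-line comment on SOCKFILE noting that its directory must be writable only by the daemon's user.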
diff -purN libhugetlbfs-dev-20061026.orig/hugeutils.c 
libhugetlbfs-dev-20061026/hugeutils.c
--- libhugetlbfs-dev-20061026.orig/hugeutils.c  2006-10-26 15:57:34.000000000 
+0000
+++ libhugetlbfs-dev-20061026/hugeutils.c       2006-10-26 19:09:54.000000000 
+0000
@@ -320,7 +320,7 @@ static int hugetlbfs_shared_file(struct 
        }
 
        sun.sun_family = AF_UNIX;
-       strcpy(sun.sun_path, "/tmp/libhugetlbfs-sock");
+       strcpy(sun.sun_path, SOCKFILE);
        ret = connect(sock, &sun, sizeof(sun));
        if (ret < 0) {
                ERROR("connect() failed: %s\n", strerror(errno));
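Review bot: The connect() failure message in this hunk prints only strerror(errno), so a client built with this change that cannot reach the daemon gives no hint of which path it tried; that matters during the transition, when a daemon may still be listening on the old /tmp path. Suggest adding SOCKFILE to the ERROR() text. Also confirm that hugeutils.c already includes hugetlbd.h, since no #include is added here for the new macro.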

-- 
Adam Litke - (agl at us.ibm.com)
IBM Linux Technology Center


_______________________________________________
Libhugetlbfs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libhugetlbfs-devel
