NetBSD Problem Report #60236

From www@netbsd.org  Thu May  7 23:19:34 2026
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "mail.netbsd.org", Issuer "R13" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 125B01A9239
	for <gnats-bugs@gnats.NetBSD.org>; Thu,  7 May 2026 23:19:34 +0000 (UTC)
Message-Id: <20260507231933.146531A923A@mollari.NetBSD.org>
Date: Thu,  7 May 2026 23:19:33 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: inetd(8): set ownership of local sockets
X-Send-Pr-Version: www-1.0
X-From4GNATS: "campbell+netbsd@mumble.net via gnats" <gnats-admin@NetBSD.org>

>Number:         60236
>Category:       bin
>Synopsis:       inetd(8): set ownership of local sockets
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 07 23:20:00 +0000 2026
>Originator:     Taylor R Campbell
>Release:        current, 11, 10, 9, ...
>Organization:
The InetBSD Foundation
>Environment:
>Description:

	inetd(8) can bind to local sockets, and can setuid/setgid the
	process that handles them.  But it doesn't seem to have any way
	to set the ownership or permissions on the sockets it bound, so
	only root can connect to the socket.

>How-To-Repeat:

	With this inetd.conf fragment:

/var/run/test.sock	stream	unix	nowait	_httpd:_httpd	/usr/libexec/httpd	httpd /var/www

	The socket is bound like so:

$ ls -l /var/run/test.sock
srwxr-xr-x  1 root  wheel  0 May  7 23:11 /var/run/test.sock

>Fix:

	Invent notation for socket owner and socket permissions.

Home	PR Database Search