Re: Securing "make check" (CVE-2014-0067)

From Noah Misch
Subject Re: Securing "make check" (CVE-2014-0067)
Date
Msg-id 20140304150927.GA3501472@tornado.leadboat.com
In response to Re: Securing "make check" (CVE-2014-0067)  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
On Sun, Mar 02, 2014 at 05:38:38PM -0500, Noah Misch wrote:
> Concerning the immediate fix for non-Windows systems, does any modern system
> ignore modes of Unix domain sockets?  It appears to be a long-fixed problem:
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1402
> http://unix.stackexchange.com/questions/83032/which-systems-do-not-honor-socket-read-write-permissions
> 
> Nonetheless, it would be helpful for folks to test any rare platforms they
> have at hand.  Start a postmaster with --unix-socket-permissions=0000 and
> attempt to connect via local socket.  If psql gives something other than
> "psql: could not connect to server: Permission denied", please report it.

Some results are in.  Both Solaris 10 and omnios-6de5e81 (OmniOS v11 r151008)
ignore socket modes.  That justifies wrapping the socket in a directory.

-- 
Noah Misch
EnterpriseDB                                 http://www.enterprisedb.com
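
The platform test and the directory wrapping mentioned in this message, as an added example that is not part of the original e-mail or of PostgreSQL's code. It uses a plain Unix-domain socket instead of a postmaster, and the function names, the temporary-directory prefixes and the use of `mkdtemp()` for the wrapping directory are assumptions of the sketch.

```python
import errno
import os
import socket
import stat
import tempfile

def listen_on(path):
    """Bind and listen on a Unix-domain stream socket at `path`."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv

def can_connect(path):
    """True if connect() succeeds, False if permission is denied."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
        try:
            cli.connect(path)
            return True
        except OSError as exc:
            if exc.errno in (errno.EACCES, errno.EPERM):
                return False
            raise

def socket_modes_honored():
    """True if a mode-0000 socket refuses connections, False if the platform
    ignores socket modes, None when run as root (root bypasses mode checks)."""
    if os.geteuid() == 0:
        return None
    workdir = tempfile.mkdtemp(prefix="sockprobe-")
    path = os.path.join(workdir, "probe.sock")
    srv = listen_on(path)
    try:
        os.chmod(path, 0o000)  # stands in for --unix-socket-permissions=0000
        return not can_connect(path)
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(workdir)

def wrapped_socket(name=".s.PGSQL.5432"):  # sample socket file name
    """Create the socket inside a fresh private directory, so access is gated
    by the directory's permissions even where socket modes are ignored."""
    sockdir = tempfile.mkdtemp(prefix="sockdir-")  # mkdtemp() asks for mode 0700
    st = os.lstat(sockdir)
    if st.st_uid != os.geteuid() or stat.S_IMODE(st.st_mode) & 0o077:
        raise RuntimeError("socket directory is not private: " + sockdir)
    path = os.path.join(sockdir, name)
    return sockdir, path, listen_on(path)
```

A `False` from `socket_modes_honored()` corresponds to the Solaris 10 and OmniOS behaviour reported above; the caller of `wrapped_socket()` is responsible for closing the socket and removing the directory.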


