According to _Unix Network Programming_, only the umask controls the permissions of a Unix domain socket created by bind(). This makes it difficult to correctly control permissions on sockets in a multithreaded process, since the umask is not thread-specific. Therefore, currently bind_unix_socket() in socket-util.c has a race.
On Linux, one can also affect the permissions of a Unix domain socket by fchmoding the socket *before* calling bind(). Based on a glance at the FreeBSD source, I don't think that this works on BSD. Is there another way to do it there? (Does it work to fchmod the socket post-bind?) If not, we might have to add a fallback that forks off a process, sets the umask, and binds the socket. I guess FreeBSD and NetBSD could potentially differ here, too. Thanks, Ben. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
