From 916ba1ab23aa50b855fd795f095eaedb328e84d9 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore
Date: Sat, 5 May 2018 11:03:33 -0700
Subject: fixes #396 illumos doesn't build (missing NNG_PLATFORM_POSIX ON)

fixes #397 Need to cast zoneid
fixes #395 sun is predefined on illumos/Solaris
fixes #394 alloca needs to #include
fixes #399 Cannot use SVR4.2 specific msghdr
fixes #402 getpeerucred needs a NULL initialized ucred
fixes #403 syntax error in posix_tcp - attempt to return void
fixes #407 illumos getegid wrong
fixes #406 nni_idhash_count is dead code
fixes #404 idhash typedef redeclared
fixes #405 warning: newline not last character in file

This is basically a slew of related bug fixes required to make this work on illumos. Note that the fixes are not "complete", because more work is required to support port events given that epoll is busted on illumos.

We also fixed a bunch of things that aren't actually "bugs" per se, but really just warnings. Silencing them makes things better for everyone. Apparently not all compilers are equally happy with redundant (but otherwise identical) typedefs; we use structs in some places instead of shorter type names to silence these complaints.

Note that IPC permissions (the mode bits on the socket vnode) are not validated on SunOS systems. This change includes documentation to reflect that.
---
docs/man/nng_ipc.7.adoc | 15 +++++++++++++++
1 file changed, 15 insertions(+)
(limited to 'docs')

diff --git a/docs/man/nng_ipc.7.adoc b/docs/man/nng_ipc.7.adoc index 6bfa338b..ef9fd1b1 100644 --- a/docs/man/nng_ipc.7.adoc +++ b/docs/man/nng_ipc.7.adoc 
@@ -77,12 +77,27 @@ on a file, such as `0600` (typically meaning read-write to the owner, and no permissions for anyone else.) The default is system-specific, most often `0644`. +IMPORTANT: Not all systems validate these permissions. +In particular, illumos and Solaris are known to ignore these permission +settings when connecting. + NOTE: Normally both read and write permission will be necessary for a peer dialer to connect. See your system documentation for UNIX domain sockets for more information. NOTE: The _umask_ of the process is *not* applied to these bits. +TIP: The best practice for limiting access is to place the socket in a +directory writable only by the server, and only readable and searchable +by clients. +All mainstream POSIX systems will fail to permit a client to connect +to a socket located in a diretor for which the client lacks search (execute) +permission. + +TIP: Also consider using the `NNG_OPT_IPC_PEER_UID` property from within a +a pipe notification callback (`<>`) +to validate peer credentials. + ((`NNG_OPT_IPC_SECURITY_DESCRIPTOR`)):: (`PSECURITY_DESCRIPTOR`) -- cgit v1.2.3-70-g09d2
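Review bot: The new IMPORTANT admonition says illumos and Solaris ignore these permission bits when connecting, but it does not tell the reader what to do instead; the mitigation only appears two NOTEs further down in the first TIP. Since this is the one paragraph a reader on those systems must not miss, I would either move the directory-permission TIP directly under the IMPORTANT block or add a sentence there pointing at it, so the warning and its remedy are read together. In that same TIP, "a diretor for which the client lacks search (execute) permission" has a typo ("diretor" should be "directory"), and "All mainstream POSIX systems will fail to permit a client to connect" would read more clearly as "will refuse to let a client connect". The phrase "writable only by the server, and only readable and searchable by clients" could also be tightened to say which clients are meant (for example the owning group rather than everyone), because as written it can be read as world-readable and world-searchable, which would not limit access at all. In the second TIP the article is doubled across the line break ("from within a" followed by "a pipe notification callback"), and the cross-reference inside the parentheses shows up as an empty `<>` here; please check that the AsciiDoc xref target is actually present in the source. It would also help to state what the callback should do when the `NNG_OPT_IPC_PEER_UID` value is not the expected one, since the text stops at "validate peer credentials" without saying how a failed validation is acted on.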