Am 2021-02-01 um 13:41 schrieb Graham Leggett:
On 01 Feb 2021, at 14:12, micha...@apache.org wrote:
Apply same UDS path perm approach in the AprEndpoint as in the NioEndpoint
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 10 +++-------
java/org/apache/tomcat/util/net/NioEndpoint.java | 3 ++-
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 37b1e81..9d212a1 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -24,6 +24,7 @@ import java.nio.ByteBuffer;
import java.nio.channels.CompletionHandler;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
+import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
@@ -393,13 +394,8 @@ public class AprEndpoint extends
AbstractEndpoint<Long,Long> implements SNICallB
FileAttribute<Set<PosixFilePermission>> attrs =
PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(
getUnixDomainSocketPathPermissions()));
- Files.setAttribute(Paths.get(getUnixDomainSocketPath()),
attrs.name(), attrs.value());
- }
- else {
- java.io.File file =
Paths.get(getUnixDomainSocketPath()).toFile();
- file.setReadable(true, false);
- file.setWritable(true, false);
- file.setExecutable(false, false);
+ Path path = Paths.get(getUnixDomainSocketPath());
+ Files.setAttribute(path, attrs.name(), attrs.value());
}
} else {
if (OS.IS_WIN32 || OS.IS_WIN64) {
diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java
b/java/org/apache/tomcat/util/net/NioEndpoint.java
index 5ce6398..5d16bbf 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -209,7 +209,8 @@ public class NioEndpoint extends
AbstractJsseEndpoint<NioChannel,SocketChannel>
serverSock.bind(sa, getAcceptCount());
if (getUnixDomainSocketPathPermissions() != null) {
FileAttribute<Set<PosixFilePermission>> attrs =
-
PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(getUnixDomainSocketPathPermissions()));
+
PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(
+ getUnixDomainSocketPathPermissions()));
Path path = Paths.get(getUnixDomainSocketPath());
Files.setAttribute(path, attrs.name(), attrs.value());
}
If I’m reading this correctly this breaks Windows - the permissions on the UDS
socket will be the same as those of the Tomcat process, which is “I can talk to
me, but everyone else is read only, so unless you’re me I refuse to serve your
request”.
I think the fix is the other way around, the NioEndpoint needs to default to:
- file.setReadable(true, false);
- file.setWritable(true, false);
That's a good point. I expect this to be consistent. A few questions
arise here:
* Did you try that on Windows?
* Do the same semantics apply to UDS on NTFS as on POSIX filesystems?
According to [1] and [2], yes. An ideal solution is [3], but hard to
implement.
By calling #setWritable() who in the system can gain access to the UDS?
What's worse is that the admin cannot reasonably change that.
What is other devs' stance on this?
M
[1] https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
[2] https://mutagen.io/documentation/forwarding/unix-domain-sockets
[3 https://stackoverflow.com/a/58102635/696632
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
