Name

local-datagram-socket-listen — create a socket listening for incoming local domain datagrams and chain

Synopsis

local-datagram-socket-listen [--uid number] [--gid number] [--mode number] [--systemd-compatibility] {path} {next-prog}

Description

local-datagram-socket-listen is a chain-loading utility that opens a local domain datagram socket bound to path, sets the socket to file descriptor 3 (closing whatever that descriptor was), and then chain loads to next-prog with the execvp(3) function.

next-prog may contain its own command line options, which local-datagram-socket-listen will ignore.

After binding the socket to path, local-datagram-socket-listen changes the owner UID of the socket to that specified with the [--uid] command line argument (if supplied), changes the GID of the socket to that specified with the [--gid] command line argument (if supplied), and changes the permissions of the socket to those specified with the [--mode] command line argument (if supplied). The normal conventions for numbers apply, so for octal permissions use a leading zero. Symbolic permissions and account names are not supported.

The [--systemd-compatibility] option causes local-datagram-socket-listen to set the LISTEN_FDS environment variable to 1, and the LISTEN_PID environment variable to its own process ID. This is for compatibility with daemons that expect to be run under systemd(1). Since chain loading replaces the process image with execvp(3) rather than forking, this is also the process ID that next-prog obtains from getpid(2), so a daemon's check that LISTEN_PID names itself succeeds.

For compatibility with daemons that expect to be run under inetd(1), inheriting the listening socket as their standard input, simply use fdmove 0 3 in next-prog. See fdmove(1).
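What next-prog sees, as an added example that is not part of the nosh toolset or of local-datagram-socket-listen itself: a small Python daemon that wraps the descriptor it inherits on file descriptor 3 and, when the chain was started with --systemd-compatibility, applies the same LISTEN_PID/LISTEN_FDS check that sd_listen_fds(3) performs before trusting the descriptor. The invocation in the leading comment, the /run/example/log.sock path and the example account are assumptions for illustration only.

```python
# Added example (not part of local-datagram-socket-listen or the nosh toolset):
# a minimal daemon that receives the datagram socket left on file descriptor 3
# and, when run with --systemd-compatibility, checks LISTEN_PID/LISTEN_FDS
# before trusting that descriptor.
#
# Assumed invocation (hypothetical path and account, not from the manual page):
#   local-datagram-socket-listen --mode 0660 --systemd-compatibility \
#       /run/example/log.sock setuidgid example python3 daemon.py
import os
import socket
import sys

SYSTEMD_FIRST_FD = 3      # sd_listen_fds(3) convention: passed fds start at 3
MAX_DATAGRAM = 65536      # largest local domain datagram we are prepared to read


def activation_fds(environ, pid=None):
    """Return the number of inherited descriptors advertised by LISTEN_FDS,
    or 0 if LISTEN_PID does not name this process (the variables may be stale,
    inherited from an unrelated ancestor).  Mirrors sd_listen_fds(3)."""
    pid = os.getpid() if pid is None else pid
    if environ.get("LISTEN_PID") != str(pid):
        return 0
    try:
        return max(0, int(environ.get("LISTEN_FDS", "0")))
    except ValueError:
        return 0


def inherited_datagram_socket(fd=SYSTEMD_FIRST_FD):
    """Wrap an already-bound local domain datagram socket inherited on fd.
    socket.socket(fileno=...) reads the family and type back from the kernel,
    so a descriptor that is not AF_UNIX/SOCK_DGRAM is rejected, not used."""
    sock = socket.socket(fileno=fd)
    if sock.family != socket.AF_UNIX or sock.type != socket.SOCK_DGRAM:
        sock.detach()   # hand the fd back untouched; it is not ours to close
        raise RuntimeError("fd %d is not a local domain datagram socket" % fd)
    return sock


def serve_one(sock):
    """Receive a single datagram and return (payload, sender_address)."""
    return sock.recvfrom(MAX_DATAGRAM)


def main(argv):
    if activation_fds(os.environ) < 1:
        # Without --systemd-compatibility there is nothing to check: fd 3 is
        # the socket by construction of the chain.
        print("LISTEN_PID/LISTEN_FDS not set for this process; assuming fd 3",
              file=sys.stderr)
    sock = inherited_datagram_socket()
    while True:
        data, sender = serve_one(sock)
        print("%d bytes from %r: %r" % (len(data), sender, data))


if __name__ == "__main__":
    main(sys.argv)
```

The daemon never calls bind(2) itself: the socket arrives already bound, owned and permissioned by the chain in front of it, and the only decision left to the daemon is whether to believe that descriptor 3 is the socket it was promised.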

Security

Because of an oversight in operating systems that prevents fchmod(2) and fchown(2) from working with bound local domain sockets, local-datagram-socket-listen calls chmod(2) and chown(2) on path. Because of an oversight in operating systems that prevents bind(2) from re-using old local domain socket addresses, local-datagram-socket-listen attempts to delete, with unlink(2), any file named path before binding. Both operations act on the name rather than on the socket descriptor, so they are open to time-of-check/time-of-use races. An attacker who could change what file is denoted by path (for example, by replacing a directory component with a symbolic link) in between the call to bind(2) and the calls to chmod(2) and chown(2) could change the permissions and ownership of any file in the filesystem. An attacker who could change what file is denoted by path before the call to unlink(2) could unlink any file in the filesystem.

To avoid these security holes, ensure that none of the directories leading to path (not just the final one) are writable by untrusted users or groups, and ensure that untrusted programs cannot supply path.
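A check for the condition stated above, as an added example that is not part of local-datagram-socket-listen: walk every directory component of path with lstat(2) and report any that a user or group outside a trusted set could modify. The trusted uid and gid sets are parameters the caller supplies (root plus the service's own account is the usual choice); they are assumptions of the example, not something the utility reads. The temporary directory names used when trying it out are constructed for the example.

```python
# Added example (not part of local-datagram-socket-listen or the nosh toolset):
# report directory components of a socket path that an untrusted principal
# could use to retarget the name between unlink(2)/bind(2) and
# chmod(2)/chown(2).  trusted_uids/trusted_gids are assumptions supplied by
# the caller (for example root and the service account).
import os
import stat


def untrusted_writable_components(path, trusted_uids=(0,), trusted_gids=(0,)):
    """Return a list of (directory, reason) for every directory leading to
    path that is not safe in the sense of the Security section.  The final
    component is not examined: it is the socket itself, which the utility
    unlinks and recreates.  Components are examined lexically, one prefix at
    a time, with lstat(2) rather than realpath(3): following links would hide
    the very thing that must be flagged, a symbolic link in the path."""
    if not os.path.isabs(path):
        raise ValueError("socket path must be absolute")
    prefixes = [os.sep]
    for name in path.split(os.sep)[1:-1]:   # drop leading '' and the socket name
        if name in ("", "."):
            continue
        prefixes.append(os.path.join(prefixes[-1], name))

    findings = []
    for d in prefixes:
        st = os.lstat(d)
        mode = st.st_mode
        if stat.S_ISLNK(mode):
            findings.append((d, "symbolic link in path"))
            continue
        if not stat.S_ISDIR(mode):
            findings.append((d, "not a directory"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((d, "owned by untrusted uid %d" % st.st_uid))
        if mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
            findings.append((d, "writable by untrusted gid %d" % st.st_gid))
        if mode & stat.S_IWOTH:
            findings.append((d, "world-writable"))
    return findings


def is_safe_socket_path(path, trusted_uids=(0,), trusted_gids=(0,)):
    """True when no directory leading to path is flagged."""
    return not untrusted_writable_components(path, trusted_uids, trusted_gids)


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        for d, why in untrusted_writable_components(p):
            print("%s: %s: %s" % (p, d, why))
```

Run it against the path you intend to hand to local-datagram-socket-listen before putting it into a service definition; a world-writable ancestor such as /tmp shows up immediately, and so does any symbolic link that somebody else could retarget.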

Usage

local-datagram-socket-listen can be used as a simple daemon monitored by service-manager(1). local-datagram-socket-listen overlaps the functionality of inetd(1) and systemd(1) (in the systemd-recommended configuration of Accept=false sockets).

To change the process' UID and GID after opening the socket, simply chain through setuidgid(1).

Author

Jonathan de Boyne Pollard