/// <summary>Test file descriptor path security.</summary> /// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> public virtual void TestFdPassingPathSecurity() { TemporarySocketDirectory tmp = new TemporarySocketDirectory(); try { string prefix = tmp.GetDir().GetAbsolutePath(); Shell.ExecCommand(new string[] { "mkdir", "-p", prefix + "/foo/bar/baz" }); Shell.ExecCommand(new string[] { "chmod", "0700", prefix + "/foo/bar/baz" }); Shell.ExecCommand(new string[] { "chmod", "0700", prefix + "/foo/bar" }); Shell.ExecCommand(new string[] { "chmod", "0707", prefix + "/foo" }); Shell.ExecCommand(new string[] { "mkdir", "-p", prefix + "/q1/q2" }); Shell.ExecCommand(new string[] { "chmod", "0700", prefix + "/q1" }); Shell.ExecCommand(new string[] { "chmod", "0700", prefix + "/q1/q2" }); TestValidateSocketPath(prefix + "/q1/q2", prefix); try { TestValidateSocketPath(prefix + "/foo/bar/baz", prefix); } catch (IOException e) { GenericTestUtils.AssertExceptionContains("/foo' is world-writable. " + "Its permissions are 0707. Please fix this or select a " + "different socket path.", e); } try { TestValidateSocketPath(prefix + "/nope", prefix); } catch (IOException e) { GenericTestUtils.AssertExceptionContains("failed to stat a path " + "component: " , e); } // Root should be secure DomainSocket.ValidateSocketPathSecurity0("/foo", 1); } finally { tmp.Close(); } }
public static void Init() { sockDir = new TemporarySocketDirectory(); DomainSocket.DisableBindPathValidation(); }