Full_Name: Ivan Nejgebauer
Version: 2.3.27
OS: Linux 2.6 (Ubuntu)
URL: ftp://ftp.openldap.org/incoming/ivan-nejgebauer-061012.patch
Submission from: (NULL) (147.91.172.229)

Linux, as opposed to other *NIXes, honors PF_LOCAL socket file mode bits, so a user must have the write permission to use the socket. OpenLDAP bind()s its PF_LOCAL sockets without any special arrangements, so the resulting socket's permissions are governed by the current umask. Since the umask is usually 022 or 002, the socket ends up not being world-writable, making it unusable for users other than root.
Earlier OpenLDAP releases recognized a non-standard "x-mod" URL extension for manipulating socket permissions, and the parsing code is still there, but its results are unused.
With the attached patch, PF_LOCAL sockets are always created world-writable by setting the umask to zero before bind(). The previous umask is restored immediately afterwards. Umask manipulation shouldn't affect PF_UNIX bind()s, so I haven't surrounded it with #ifdef LDAP_PF_LOCAL.
i.
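
The behaviour described in the submission above, as an added example that is not part of the original report or of the attached patch: it binds a PF_LOCAL socket under a given umask, with and without the umask(0)-around-bind() step, and reports the resulting mode bits. The function name `bound_socket_mode` and the temporary directory template are hypothetical; Linux semantics are assumed.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a PF_LOCAL socket in a fresh temp dir while the process umask is
 * `mask`; return the socket file's permission bits, or -1 on error.
 * With zero_umask set, the umask is cleared only around bind(). */
static int bound_socket_mode(mode_t mask, int zero_umask)
{
    char dir[] = "/tmp/ldapi-demo-XXXXXX";   /* hypothetical location */
    struct sockaddr_un addr;
    struct stat st;
    mode_t saved, prev = 0;
    int fd, rc, mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/sock", dir);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0) {
        saved = umask(mask);             /* simulate the daemon's umask */
        if (zero_umask)
            prev = umask(0);             /* socket file gets 0777 */
        rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
        if (zero_umask)
            umask(prev);                 /* restore right after bind() */
        umask(saved);                    /* put the caller's umask back */
        if (rc == 0 && stat(addr.sun_path, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        close(fd);
        unlink(addr.sun_path);
    }
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("umask 022, plain bind():   %04o\n", (unsigned)bound_socket_mode(022, 0));
    printf("umask 022, umask(0) first: %04o\n", (unsigned)bound_socket_mode(022, 1));
    return 0;
}
```

The umask is a per-process setting, so in a multithreaded process any file another thread creates between the two umask() calls is also created without the mask applied.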