1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
netcat-openbsd (1.218-5) unstable; urgency=low
This release adds support for abstract namespace sockets in the AF_UNIX
family. When the specified socket path starts with an at symbol '@', such as
in `nc -U @foobar.sock`, it is read as an abstract socket (on Linux).
This has possible security implications: `nc -lU @foobar.sock` used to bind
pathname socket '@foobar.sock' in the current directory, subject to umask and
file system access restrictions, while on Linux it now binds 'foobar.sock' in
the abstract namespace where ownership and permissions have *no meaning*.
In order to specify a pathname socket make sure the argument doesn't start
with '@'; for instance by prefixing with './' or by using a fully-qualified
path. (Note however that on Linux socket pathnames may not exceed 108 bytes
in size.)
-- Guilhem Moulin <guilhem@debian.org> Fri, 11 Mar 2022 21:54:15 +0100
|
