local-seqpacket-socket-listen 1 user commands nosh local-seqpacket-socket-listen create a socket listening for incoming AF_LOCAL sequential packets and chain local-seqpacket-socket-listen --uid number --gid number --mode number --pass-credentials --pass-security --upstart-compatibility --systemd-compatibility path next-prog local-seqpacket-socket-listen is a chain-loading utility that opens a local domain sequential packet socket bound to path, sets the socket to file descriptor 3+n (where n is the number of already-opened listening file descriptors), closing whatever that descriptor was, and then chain loads to next-prog with the execvp3 function. next-prog may contain its own command line options, which local-seqpacket-socket-listen will ignore. For compatibility with dæmons that expect to be run under inetd1, inheriting the listening socket as their standard input, simply use fdmove 0 3 in next-prog. See fdmove1. After binding the socket to path, local-seqpacket-socket-listen changes the owner UID of the socket to that specified with the --uid command line argument (if supplied), changes the GID of the socket to that specified with the --gid command line argument (if supplied), and changes the permissions of the socket to those specified with the --mode command line argument (if supplied). The normal conventions for numbers apply, so for octal permissions use a leading zero. Symbolic permissions and account names are not supported. The --pass-credentials option causes local-seqpacket-socket-listen to request the SO_PASSCRED socket option. The --pass-security option causes it to request the SO_PASSSEC socket option. The --upstart-compatibility option causes local-seqpacket-socket-listen to set the UPSTART_FDS environment variable to 3, and the UPSTART_EVENTS environment variable to socket. This is for compatibility with dæmons that expect to be run under upstart1. The --systemd-compatibility option is for compatibility with dæmons that expect to be run under systemd1. It causes local-seqpacket-socket-listen to set the LISTEN_FDS environment variable to the number of listening file descriptors, and the LISTEN_PID environment variable to its own process ID. If the command is started up with the LISTEN_FDS and the LISTEN_PID environment variables already appropriately set, the number of listening file descriptors is taken from them and increased by one, otherwise the number of file descriptors is 1. Thus a list of listening file descriptors can be built up with multiple commands, as long as they all use the --systemd-compatibility option. Because of an oversight in operating systems that prevents fchmod2 and fchown2 from working with bound local domain sockets, local-seqpacket-socket-listen calls chmod2 and chown2 on path. Because of an oversight in operating systems that prevents bind2 from being able to re-use old local domain socket addresses, local-seqpacket-socket-listen attempts to delete, with unlink2, any file named path before binding. An attacker who could change what file is denoted by path in between the calls to bind2 and the call to chmod2 and chown2 could change the permissions and ownership of any file in the filesystem. An attacker who could change what file is denoted by path before the call to unlink2 could unlink any file in the filesystem. To avoid these security holes, ensure that none of the directories in the path to path (not just the final one) are writable by untrusted users or groups; and ensure that untrusted programs cannot supply path. local-seqpacket-socket-listen can be used as a simple dæmon monitored by service-manager1. local-seqpacket-socket-listen overlaps the functionality of inetd1 and systemd1 (in the systemd-recommended configuration of Accept=false sockets). To change the process' UID and GID after opening the socket, simply chain through setuidgid1. tcp-socket-listen1 udp-socket-listen1 local-datagram-socket-listen1 local-stream-socket-listen1 netlink-datagram-socket-listen1 listeners for other protocols Jonathan de Boyne Pollard