Bug 194203 - /var/run/avahi-daemon has wrong permissions
Summary: /var/run/avahi-daemon has wrong permissions
Alias: None
Product: Fedora
Classification: Fedora
Component: avahi
Version: 5
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Martin Stransky
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2006-06-06 04:25 UTC by Michael Sullivan
Modified: 2007-11-30 22:11 UTC (History)
0 users

Clone Of:
Last Closed: 2007-08-12 17:05:48 UTC

Attachments (Terms of Use)

Description Michael Sullivan 2006-06-06 04:25:51 UTC
Description of problem:
/var/run/avahi-daemon is created with permission 0750, but it should be 0755.
This prevents access by ordinary users to the daemon's socket needed for the
"simple protocol" used, for example, by the external nss-mdns project.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. ls -ld /var/run/avahi-daemon
Actual results:
drwxr-x--- 2 avahi avahi 4096 Jun  5 22:31 /var/run/avahi-daemon

Expected results:
drwxr-xr-x 2 avahi avahi 4096 Jun  5 22:31 /var/run/avahi-daemon

Additional info:

This fragment of the make_runtime_dir function in avahi-daemon/main.c
demonstrates the intended permissions of the directory:

    if (mkdir(AVAHI_DAEMON_RUNTIME_DIR, 0755) < 0 && errno != EEXIST) {
        avahi_log_error("mkdir(\""AVAHI_DAEMON_RUNTIME_DIR"\"): %s",
        goto fail;

P.S. Any update to fix this problem should also update to avahi 0.6.10
since 0.6.9 is known to have security sensitive bugs.

Comment 1 Jason Vas Dias 2006-06-07 15:49:46 UTC
This is now fixed with avahi-0.6.10-1.FC5 / avahi-0.6.10-2.FC6 .

Comment 2 Fedora Update System 2006-06-07 23:40:09 UTC
avahi-0.6.10-1.FC5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 3 Lennart Poettering 2007-08-12 17:05:48 UTC
I think this bug can be closed now. And I also remembered to having fixed this
upstram years ago. 

Note You need to log in before you can comment on or make changes to this bug.