changing UNIX domain socket access control to file permissions checks, instead of UDS credentials (#2887)

7 files changed, 192 insertions, 145 deletions

diff --git a/src/arm/gnunet-service-arm.c b/src/arm/gnunet-service-arm.c
index 942534b08..7c759d0ac 100644
--- a/src/arm/gnunet-service-arm.c
+++ b/src/arm/gnunet-service-arm.c
@@ -582,34 +582,36 @@ create_listen_socket (struct sockaddr *sa, socklen_t addr_len,
   static int on = 1;
   struct GNUNET_NETWORK_Handle *sock;
   struct ServiceListeningInfo *sli;
+  int match_uid;
+  int match_gid;
 
   switch (sa->sa_family)
-    {
-    case AF_INET:
-      sock = GNUNET_NETWORK_socket_create (PF_INET, SOCK_STREAM, 0);
-      break;
-    case AF_INET6:
-      sock = GNUNET_NETWORK_socket_create (PF_INET6, SOCK_STREAM, 0);
-      break;
-    case AF_UNIX:
-      if (strcmp (GNUNET_a2s (sa, addr_len), "@") == 0) /* Do not bind to blank UNIX path! */
-        return;
-      sock = GNUNET_NETWORK_socket_create (PF_UNIX, SOCK_STREAM, 0);
-      break;
-    default:
-      GNUNET_break (0);
-      sock = NULL;
-      errno = EAFNOSUPPORT;
-      break;
-    }
-  if (NULL == sock)
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  _("Unable to create socket for service `%s': %s\n"),
-                  sl->name, STRERROR (errno));
-      GNUNET_free (sa);
+  {
+  case AF_INET:
+    sock = GNUNET_NETWORK_socket_create (PF_INET, SOCK_STREAM, 0);
+    break;
+  case AF_INET6:
+    sock = GNUNET_NETWORK_socket_create (PF_INET6, SOCK_STREAM, 0);
+    break;
+  case AF_UNIX:
+    if (strcmp (GNUNET_a2s (sa, addr_len), "@") == 0)   /* Do not bind to blank UNIX path! */
       return;
-    }
+    sock = GNUNET_NETWORK_socket_create (PF_UNIX, SOCK_STREAM, 0);
+    break;
+  default:
+    GNUNET_break (0);
+    sock = NULL;
+    errno = EAFNOSUPPORT;
+    break;
+  }
+  if (NULL == sock)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                _("Unable to create socket for service `%s': %s\n"),
+                sl->name, STRERROR (errno));
+    GNUNET_free (sa);
+    return;
+  }
   if (GNUNET_NETWORK_socket_setsockopt
       (sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof (on)) != GNUNET_OK)
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
@@ -624,22 +626,37 @@ create_listen_socket (struct sockaddr *sa, socklen_t addr_len,
 
   if (GNUNET_OK !=
       GNUNET_NETWORK_socket_bind (sock, (const struct sockaddr *) sa, addr_len))
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                  _
-                  ("Unable to bind listening socket for service `%s' to address `%s': %s\n"),
-                  sl->name, GNUNET_a2s (sa, addr_len), STRERROR (errno));
-      GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
-      GNUNET_free (sa);
-      return;
-    }
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                _
+                ("Unable to bind listening socket for service `%s' to address `%s': %s\n"),
+                sl->name, GNUNET_a2s (sa, addr_len), STRERROR (errno));
+    GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
+    GNUNET_free (sa);
+    return;
+  }
+#ifndef WINDOWS
+  if (AF_UNIX == sa->sa_family)
+  {
+    match_uid =
+      GNUNET_CONFIGURATION_get_value_yesno (cfg, sl->name,
+                                            "UNIX_MATCH_UID");
+    match_gid =
+      GNUNET_CONFIGURATION_get_value_yesno (cfg, sl->name,
+                                            "UNIX_MATCH_GID");
+    GNUNET_DISK_fix_permissions (((const struct sockaddr_un *)sa)->sun_path,
+                                 match_uid,
+                                 match_gid);
+
+  }
+#endif
   if (GNUNET_NETWORK_socket_listen (sock, 5) != GNUNET_OK)
-    {
-      GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "listen");
-      GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
-      GNUNET_free (sa);
-      return;
-    }
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "listen");
+    GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (sock));
+    GNUNET_free (sa);
+    return;
+  }
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               _("ARM now monitors connections to service `%s' at `%s'\n"),
               sl->name, GNUNET_a2s (sa, addr_len));
diff --git a/src/include/gnunet_disk_lib.h b/src/include/gnunet_disk_lib.h
index f6aa3d070..7de64abff 100644
--- a/src/include/gnunet_disk_lib.h
+++ b/src/include/gnunet_disk_lib.h
@@ -265,7 +265,7 @@ enum GNUNET_DISK_PipeEnd
  * Checks whether a handle is invalid
  *
  * @param h handle to check
- * @return GNUNET_YES if invalid, GNUNET_NO if valid
+ * @return #GNUNET_YES if invalid, #GNUNET_NO if valid
  */
 int
 GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h);
@@ -506,6 +506,21 @@ GNUNET_DISK_pipe_handle (const struct GNUNET_DISK_PipeHandle *p,
  */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_get_handle_from_w32_handle (HANDLE osfh);
+#else
+
+/**
+ * Update POSIX permissions mask of a file on disk.  If both argumets
+ * are #GNUNET_NO, the file is made world-read-write-executable (777).
+ *
+ * @param fn name of the file to update
+ * @param require_uid_match #GNUNET_YES means 700
+ * @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match is set
+ */
+void
+GNUNET_DISK_fix_permissions (const char *fn,
+                             int require_uid_match,
+                             int require_gid_match);
+
 #endif
 
 
diff --git a/src/util/connection.c b/src/util/connection.c
index eeabebdf7..5c2ee1b37 100644
--- a/src/util/connection.c
+++ b/src/util/connection.c
@@ -419,7 +419,8 @@ GNUNET_CONNECTION_create_from_accept (GNUNET_CONNECTION_AccessCheck access,
       (GNUNET_YES != (aret = access (access_cls, gcp, uaddr, addrlen))))
   {
     if (GNUNET_NO == aret)
-      LOG (GNUNET_ERROR_TYPE_INFO, _("Access denied to `%s'\n"),
+      LOG (GNUNET_ERROR_TYPE_INFO,
+           _("Access denied to `%s'\n"),
            GNUNET_a2s (uaddr, addrlen));
     GNUNET_break (GNUNET_OK ==
                   GNUNET_NETWORK_socket_shutdown (sock, SHUT_RDWR));
diff --git a/src/util/disk.c b/src/util/disk.c
index 0d24d5a09..03d169780 100644
--- a/src/util/disk.c
+++ b/src/util/disk.c
@@ -463,6 +463,35 @@ mkdtemp (char *fn)
   strcpy (fn, tfn);
   return fn;
 }
+#else
+
+/**
+ * Update POSIX permissions mask of a file on disk.  If both argumets
+ * are #GNUNET_NO, the file is made world-read-write-executable (777).
+ *
+ * @param fn name of the file to update
+ * @param require_uid_match #GNUNET_YES means 700
+ * @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match is set
+ */
+void
+GNUNET_DISK_fix_permissions (const char *fn,
+                             int require_uid_match,
+                             int require_gid_match)
+{
+  mode_t mode;
+
+  if (GNUNET_YES == require_uid_match)
+    mode = S_IRUSR | S_IWUSR | S_IXUSR;
+  else if (GNUNET_YES == require_gid_match)
+    mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP;
+  else
+    mode = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH;
+  if (0 != chmod (fn, mode))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "chmod",
+                              fn);
+}
+
 #endif
 
 /**
diff --git a/src/util/network.c b/src/util/network.c
index 7a4b2a0b3..03dfcddd6 100644
--- a/src/util/network.c
+++ b/src/util/network.c
@@ -87,8 +87,8 @@ GNUNET_NETWORK_test_pf (int pf)
   {
     if (EAFNOSUPPORT == errno)
       return GNUNET_NO;
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 
-                "Failed to create test socket: %s\n", 
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Failed to create test socket: %s\n",
                 STRERROR (errno));
     return GNUNET_SYSERR;
   }
@@ -400,11 +400,14 @@ GNUNET_NETWORK_socket_bind (struct GNUNET_NETWORK_Handle *desc,
   {
     const struct sockaddr_un *address_un = (const struct sockaddr_un *)address;
     if (address_un->sun_path[0] == '\0')
+    {
       bind_address_len = \
           sizeof (struct sockaddr_un) \
         - sizeof (address_un->sun_path) \
         + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 1) \
         + 1;
+      GNUNET_break (0);
+    }
   }
 #endif
 
@@ -413,7 +416,7 @@ GNUNET_NETWORK_socket_bind (struct GNUNET_NETWORK_Handle *desc,
   {
     const int on = 1;
 
-    if (desc->af == AF_INET6)
+    if (AF_INET6 == desc->af)
       if (setsockopt (desc->fd, IPPROTO_IPV6, IPV6_V6ONLY,
                       (const void *) &on,
                       sizeof (on)))
@@ -431,7 +434,22 @@ GNUNET_NETWORK_socket_bind (struct GNUNET_NETWORK_Handle *desc,
       LOG_STRERROR (GNUNET_ERROR_TYPE_DEBUG, "setsockopt");
   }
 #endif
-  ret = bind (desc->fd, address, bind_address_len);
+#ifndef WINDOWS
+  {
+    /* set permissions of newly created UNIX domain socket to "user-only"; applications
+       can choose to relax this later */
+    mode_t old_mask;
+
+    if (AF_UNIX == address->sa_family)
+      old_mask = umask (S_IWGRP | S_IRGRP | S_IXGRP | S_IWOTH | S_IROTH | S_IXOTH);
+#endif
+
+    ret = bind (desc->fd, address, bind_address_len);
+#ifndef WINDOWS
+    if (AF_UNIX == address->sa_family)
+      (void) umask (old_mask);
+  }
+#endif
 #ifdef MINGW
   if (SOCKET_ERROR == ret)
     SetErrnoFromWinsockError (WSAGetLastError ());
@@ -477,8 +495,8 @@ GNUNET_NETWORK_socket_close (struct GNUNET_NETWORK_Handle *desc)
     const struct sockaddr_un *un = (const struct sockaddr_un *) desc->addr;
 
     if (0 != unlink (un->sun_path))
-      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, 
-                         "unlink", 
+      LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
+                         "unlink",
                          un->sun_path);
   }
 #endif
@@ -550,12 +568,15 @@ GNUNET_NETWORK_socket_connect (const struct GNUNET_NETWORK_Handle *desc,
   if (address->sa_family == AF_UNIX)
   {
     const struct sockaddr_un *address_un = (const struct sockaddr_un *)address;
-    if(address_un->sun_path[0] == '\0')
-      address_len = \
+    if (address_un->sun_path[0] == '\0')
+    {
+      address_len =                   \
           sizeof (struct sockaddr_un) \
         - sizeof (address_un->sun_path) \
         + strnlen (address_un->sun_path + 1, sizeof (address_un->sun_path) - 1) \
         + 1;
+      GNUNET_break (0);
+    }
   }
 #endif
   ret = connect (desc->fd, address, address_len);
diff --git a/src/util/server.c b/src/util/server.c
index 40e7c9f48..8a36877dd 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -392,7 +392,8 @@ GNUNET_SERVER_client_set_user_context_ (struct GNUNET_SERVER_Client *client,
  * @param tc reason why we are running right now
  */
 static void
-process_listen_socket (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
+process_listen_socket (void *cls,
+                       const struct GNUNET_SCHEDULER_TaskContext *tc)
 {
   struct GNUNET_SERVER_Handle *server = cls;
   struct GNUNET_CONNECTION_Handle *sock;
@@ -417,7 +418,8 @@ process_listen_socket (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
                                                 server->listen_sockets[i]);
       if (NULL != sock)
       {
-        LOG (GNUNET_ERROR_TYPE_DEBUG, "Server accepted incoming connection.\n");
+        LOG (GNUNET_ERROR_TYPE_DEBUG,
+             "Server accepted incoming connection.\n");
         client = GNUNET_SERVER_connect_socket (server, sock);
         /* decrement reference count, we don't keep "client" alive */
         GNUNET_SERVER_client_drop (client);
@@ -434,7 +436,7 @@ process_listen_socket (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
  * Create and initialize a listen socket for the server.
  *
  * @param server_addr address to listen on
- * @param socklen length of address
+ * @param socklen length of @a server_addr
  * @return NULL on error, otherwise the listen socket
  */
 static struct GNUNET_NETWORK_Handle *
@@ -543,7 +545,7 @@ GNUNET_SERVER_create_with_sockets (GNUNET_CONNECTION_AccessCheck access,
 {
   struct GNUNET_SERVER_Handle *server;
 
-  server = GNUNET_malloc (sizeof (struct GNUNET_SERVER_Handle));
+  server = GNUNET_new (struct GNUNET_SERVER_Handle);
   server->idle_timeout = idle_timeout;
   server->listen_sockets = lsocks;
   server->access = access;
@@ -843,7 +845,7 @@ GNUNET_SERVER_add_handlers (struct GNUNET_SERVER_Handle *server,
 {
   struct HandlerList *p;
 
-  p = GNUNET_malloc (sizeof (struct HandlerList));
+  p = GNUNET_new (struct HandlerList);
   p->handlers = handlers;
   p->next = server->handlers;
   server->handlers = p;
@@ -977,7 +979,7 @@ GNUNET_SERVER_inject (struct GNUNET_SERVER_Handle *server,
                (GNUNET_SCHEDULER_NO_TASK == sender->warn_task) )
           {
             GNUNET_break (0 != type); /* type should never be 0 here, as we don't use 0 */
-            sender->warn_start = GNUNET_TIME_absolute_get ();   
+            sender->warn_start = GNUNET_TIME_absolute_get ();
             sender->warn_task =
                 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_MINUTES,
                                               &warn_no_receive_done, sender);
@@ -1235,7 +1237,7 @@ GNUNET_SERVER_connect_socket (struct GNUNET_SERVER_Handle *server,
   struct GNUNET_SERVER_Client *client;
   struct NotifyList *n;
 
-  client = GNUNET_malloc (sizeof (struct GNUNET_SERVER_Client));
+  client = GNUNET_new (struct GNUNET_SERVER_Client);
   client->connection = connection;
   client->reference_count = 1;
   client->server = server;
diff --git a/src/util/service.c b/src/util/service.c
index b8975f418..d60cc2885 100644
--- a/src/util/service.c
+++ b/src/util/service.c
@@ -532,17 +532,17 @@ struct GNUNET_SERVICE_Context
 
   /**
    * Do we require a matching UID for UNIX domain socket connections?
-   * GNUNET_NO means that the UID does not have to match (however,
-   * "match_gid" may still impose other access control checks).
+   * #GNUNET_NO means that the UID does not have to match (however,
+   * @e match_gid may still impose other access control checks).
    */
   int match_uid;
 
   /**
    * Do we require a matching GID for UNIX domain socket connections?
-   * Ignored if "match_uid" is GNUNET_YES.  Note that this is about
+   * Ignored if @e match_uid is #GNUNET_YES.  Note that this is about
    * checking that the client's UID is in our group OR that the
-   * client's GID is our GID.  If both "match_gid" and "match_uid" are
-   * "GNUNET_NO", all users on the local system have access.
+   * client's GID is our GID.  If both "match_gid" and @e match_uid are
+   * #GNUNET_NO, all users on the local system have access.
    */
   int match_gid;
 
@@ -626,7 +626,7 @@ static const struct GNUNET_SERVER_MessageHandler defhandlers[] = {
  * @param uc credentials, if available, otherwise NULL
  * @param addr address
  * @param addrlen length of address
- * @return GNUNET_YES to allow, GNUNET_NO to deny, GNUNET_SYSERR
+ * @return #GNUNET_YES to allow, #GNUNET_NO to deny, #GNUNET_SYSERR
  *   for unknown address family (will be denied).
  */
 static int
@@ -658,56 +658,7 @@ check_access (void *cls, const struct GNUNET_CONNECTION_Credentials *uc,
     break;
 #ifndef WINDOWS
   case AF_UNIX:
-    ret = GNUNET_OK;            /* always OK for now */
-    if (GNUNET_YES == sctx->match_uid)
-    {
-      /* UID match required */
-      ret = (NULL != uc) && ( (0 == uc->uid) || (uc->uid == geteuid ()) );
-    }
-    else if ( (GNUNET_YES == sctx->match_gid) &&
-              ( (NULL == uc) ||
-                ( (0 != uc->uid) &&
-                  (uc->uid != geteuid ()) ) ) )
-    {
-      /* group match required and UID does not match */
-      if (NULL == uc)
-      {
-        /* no credentials, group match not possible */
-        ret = GNUNET_NO;
-      }
-      else
-      {
-        struct group *grp;
-        unsigned int i;
-
-        if (uc->gid != getegid())
-        {
-          /* default group did not match, but maybe the user is in our group, let's check */
-          grp = getgrgid (getegid ());
-          if (NULL == grp)
-          {
-            GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "getgrgid");
-            return GNUNET_NO;
-          }
-          ret = GNUNET_NO;
-          for (i=0; NULL != grp->gr_mem[i]; i++)
-          {
-            struct passwd *nam = getpwnam (grp->gr_mem[i]);
-            if (NULL == nam)
-              continue; /* name in group that is not in user DB !? */
-            if (nam->pw_uid == uc->uid)
-            {
-              /* yes, uid is in our group, allow! */
-              ret = GNUNET_YES;
-              break;
-            }
-          }
-        }
-      }
-    }
-    if (GNUNET_NO == ret)
-      LOG (GNUNET_ERROR_TYPE_WARNING, _("Access denied to UID %d / GID %d\n"),
-           (NULL == uc) ? -1 : uc->uid, (NULL == uc) ? -1 : uc->gid);
+    ret = GNUNET_OK;            /* controlled using file-system ACL now */
     break;
 #endif
   default:
@@ -752,7 +703,7 @@ get_pid_file_name (struct GNUNET_SERVICE_Context *sctx)
  * @param ret location where to write the ACL (set)
  * @param sctx service context to use to get the configuration
  * @param option name of the ACL option to parse
- * @return GNUNET_SYSERR on parse error, GNUNET_OK on success (including
+ * @return #GNUNET_SYSERR on parse error, #GNUNET_OK on success (including
  *         no ACL configured)
  */
 static int
@@ -789,7 +740,7 @@ process_acl4 (struct IPv4NetworkSet **ret, struct GNUNET_SERVICE_Context *sctx,
  * @param ret location where to write the ACL (set)
  * @param sctx service context to use to get the configuration
  * @param option name of the ACL option to parse
- * @return GNUNET_SYSERR on parse error, GNUNET_OK on success (including
+ * @return #GNUNET_SYSERR on parse error, #GNUNET_OK on success (including
  *         no ACL configured)
  */
 static int
@@ -835,7 +786,7 @@ add_unixpath (struct sockaddr **saddrs, socklen_t * saddrlens,
 #ifdef AF_UNIX
   struct sockaddr_un *un;
 
-  un = GNUNET_malloc (sizeof (struct sockaddr_un));
+  un = GNUNET_new (struct sockaddr_un);
   un->sun_family = AF_UNIX;
   strncpy (un->sun_path, unixpath, sizeof (un->sun_path) - 1);
 #if HAVE_SOCKADDR_IN_SIN_LEN
@@ -864,11 +815,11 @@ add_unixpath (struct sockaddr **saddrs, socklen_t * saddrlens,
  *              of the respective 'struct sockaddr' struct in the 'addrs'
  *              array (on success)
  * @return number of addresses found on success,
- *              GNUNET_SYSERR if the configuration
+ *              #GNUNET_SYSERR if the configuration
  *              did not specify reasonable finding information or
  *              if it specified a hostname that could not be resolved;
- *              GNUNET_NO if the number of addresses configured is
- *              zero (in this case, '*addrs' and '*addr_lens' will be
+ *              #GNUNET_NO if the number of addresses configured is
+ *              zero (in this case, `*addrs` and `*addr_lens` will be
  *              set to NULL).
  */
 int
@@ -1000,8 +951,7 @@ GNUNET_SERVICE_get_server_addresses (const char *service_name,
         return GNUNET_SYSERR;
       }
       LOG (GNUNET_ERROR_TYPE_INFO,
-           _
-           ("Disabling UNIX domain socket support for service `%s', failed to create UNIX domain socket: %s\n"),
+           _("Disabling UNIX domain socket support for service `%s', failed to create UNIX domain socket: %s\n"),
            service_name, STRERROR (errno));
       GNUNET_free (unixpath);
       unixpath = NULL;
@@ -1017,8 +967,7 @@ GNUNET_SERVICE_get_server_addresses (const char *service_name,
   if ((0 == port) && (NULL == unixpath))
   {
     LOG (GNUNET_ERROR_TYPE_ERROR,
-         _
-         ("Have neither PORT nor UNIXPATH for service `%s', but one is required\n"),
+         _("Have neither PORT nor UNIXPATH for service `%s', but one is required\n"),
          service_name);
     GNUNET_free_non_null (hostname);
     return GNUNET_SYSERR;
@@ -1185,8 +1134,8 @@ GNUNET_SERVICE_get_server_addresses (const char *service_name,
  * Read listen sockets from the parent process (ARM).
  *
  * @param sctx service context to initialize
- * @return GNUNET_YES if ok, GNUNET_NO if not ok (must bind yourself),
- * and GNUNET_SYSERR on error.
+ * @return #GNUNET_YES if ok, #GNUNET_NO if not ok (must bind yourself),
+ * and #GNUNET_SYSERR on error.
  */
 static int
 receive_sockets_from_parent (struct GNUNET_SERVICE_Context *sctx)
@@ -1280,7 +1229,7 @@ receive_sockets_from_parent (struct GNUNET_SERVICE_Context *sctx)
  * - REJECT_FROM6 (disallow allow connections from specified IPv6 subnets)
  *
  * @param sctx service context to initialize
- * @return GNUNET_OK if configuration succeeded
+ * @return #GNUNET_OK if configuration succeeded
  */
 static int
 setup_service (struct GNUNET_SERVICE_Context *sctx)
@@ -1404,12 +1353,13 @@ get_user_name (struct GNUNET_SERVICE_Context *sctx)
   return un;
 }
 
+
 /**
  * Write PID file.
  *
  * @param sctx service context
  * @param pid PID to write (should be equal to 'getpid()'
- * @return  GNUNET_OK on success (including no work to be done)
+ * @return  #GNUNET_OK on success (including no work to be done)
  */
 static int
 write_pid_file (struct GNUNET_SERVICE_Context *sctx, pid_t pid)
@@ -1467,7 +1417,7 @@ write_pid_file (struct GNUNET_SERVICE_Context *sctx, pid_t pid)
 /**
  * Task run during shutdown.  Stops the server/service.
  *
- * @param cls the 'struct GNUNET_SERVICE_Context'
+ * @param cls the `struct GNUNET_SERVICE_Context`
  * @param tc unused
  */
 static void
@@ -1501,33 +1451,37 @@ service_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
   (void) GNUNET_SPEEDUP_start_ (sctx->cfg);
   GNUNET_RESOLVER_connect (sctx->cfg);
   if (NULL != sctx->lsocks)
-    sctx->server =
-        GNUNET_SERVER_create_with_sockets (&check_access, sctx, sctx->lsocks,
+    sctx->server
+      = GNUNET_SERVER_create_with_sockets (&check_access, sctx, sctx->lsocks,
                                            sctx->timeout, sctx->require_found);
   else
-    sctx->server =
-        GNUNET_SERVER_create (&check_access, sctx, sctx->addrs, sctx->addrlens,
+    sctx->server
+      = GNUNET_SERVER_create (&check_access, sctx, sctx->addrs, sctx->addrlens,
                               sctx->timeout, sctx->require_found);
   if (NULL == sctx->server)
   {
     if (NULL != sctx->addrs)
-    {
-      i = 0;
-      while (NULL != sctx->addrs[i])
-      {
-        LOG (GNUNET_ERROR_TYPE_INFO, _("Failed to start `%s' at `%s'\n"),
+      for (i = 0; NULL != sctx->addrs[i]; i++)
+        LOG (GNUNET_ERROR_TYPE_INFO,
+             _("Failed to start `%s' at `%s'\n"),
              sctx->service_name, GNUNET_a2s (sctx->addrs[i], sctx->addrlens[i]));
-        i++;
-      }
-    }
     sctx->ret = GNUNET_SYSERR;
     return;
   }
+  if (NULL != sctx->addrs)
+    for (i = 0; NULL != sctx->addrs[i]; i++)
+      if (AF_UNIX == sctx->addrs[i]->sa_family)
+        GNUNET_DISK_fix_permissions (((const struct sockaddr_un *)sctx->addrs[i])->sun_path,
+                                     sctx->match_uid,
+                                     sctx->match_gid);
+
+
   if (0 == (sctx->options & GNUNET_SERVICE_OPTION_MANUAL_SHUTDOWN))
   {
     /* install a task that will kill the server
      * process if the scheduler ever gets a shutdown signal */
-    sctx->shutdown_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &shutdown_task,
+    sctx->shutdown_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
+                                                        &shutdown_task,
                                                         sctx);
   }
   sctx->my_handlers = GNUNET_malloc (sizeof (defhandlers));
@@ -1642,7 +1596,7 @@ detach_terminal (struct GNUNET_SERVICE_Context *sctx)
  * Set user ID.
  *
  * @param sctx service context
- * @return GNUNET_OK on success, GNUNET_SYSERR on error
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
 static int
 set_user_id (struct GNUNET_SERVICE_Context *sctx)
@@ -1717,8 +1671,10 @@ pid_file_delete (struct GNUNET_SERVICE_Context *sctx)
  *         if we shutdown nicely
  */
 int
-GNUNET_SERVICE_run (int argc, char *const *argv, const char *service_name,
-                    enum GNUNET_SERVICE_Options options, GNUNET_SERVICE_Main task,
+GNUNET_SERVICE_run (int argc, char *const *argv,
+                    const char *service_name,
+                    enum GNUNET_SERVICE_Options options,
+                    GNUNET_SERVICE_Main task,
                     void *task_cls)
 {
 #define HANDLE_ERROR do { GNUNET_break (0); goto shutdown; } while (0)
@@ -1891,7 +1847,7 @@ GNUNET_SERVICE_start (const char *service_name,
   int i;
   struct GNUNET_SERVICE_Context *sctx;
 
-  sctx = GNUNET_malloc (sizeof (struct GNUNET_SERVICE_Context));
+  sctx = GNUNET_new (struct GNUNET_SERVICE_Context);
   sctx->ready_confirm_fd = -1;  /* no daemonizing */
   sctx->ret = GNUNET_OK;
   sctx->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
@@ -1919,6 +1875,12 @@ GNUNET_SERVICE_start (const char *service_name,
     GNUNET_SERVICE_stop (sctx);
     return NULL;
   }
+  if (NULL != sctx->addrs)
+    for (i = 0; NULL != sctx->addrs[i]; i++)
+      if (AF_UNIX == sctx->addrs[i]->sa_family)
+        GNUNET_DISK_fix_permissions (((const struct sockaddr_un *)sctx->addrs[i])->sun_path,
+                                     sctx->match_uid,
+                                     sctx->match_gid);
   sctx->my_handlers = GNUNET_malloc (sizeof (defhandlers));
   memcpy (sctx->my_handlers, defhandlers, sizeof (defhandlers));
   i = 0;