Impact
On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection.
The problem exists since Redis 2.6.0-RC1.
Patches
The problem is fixed in Redis 7.2.2, 7.0.14 or 6.2.14.
Workaround
It is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
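The following C listener is an added illustration of the ordering problem and of the umask workaround; it is not Redis code and not part of the advisory. It binds a Unix socket either the race-prone way (bind(2) first, chmod(2) afterwards, so the node exists at 0777 & ~umask until the chmod) or with the umask tightened before bind(2), so the node is never created wider than the intended mode. The socket path is a constructed example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Permission bits of the socket node at `path`, as any local process could
   observe them with stat(2). Returns (mode_t)-1 if the node does not exist. */
static mode_t socket_mode(const char *path) {
    struct stat st;
    if (stat(path, &st) < 0) return (mode_t)-1;
    return st.st_mode & 0777;
}

/* Bind and listen on a Unix socket at `path` while running under
   `process_umask`, and return the mode the node carried right after listen(),
   i.e. at the moment another process could already connect().
   tighten_first == 0: bind(2) first, chmod(2) to `mode` afterwards. The node
   exists with 0777 & ~process_umask until the chmod: the window the advisory
   describes. tighten_first != 0: add every bit not in `mode` to the umask
   before bind(2), so the node is never created wider than `mode`.
   The fd is closed before returning; the node is left in place for inspection. */
static mode_t mode_after_bind(const char *path, mode_t process_umask,
                              mode_t mode, int tighten_first) {
    struct sockaddr_un addr;
    mode_t seen, old;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return (mode_t)-1;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof addr.sun_path - 1);
    unlink(path);
    old = umask(tighten_first ? (process_umask | (~mode & 0777)) : process_umask);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 8) < 0) {
        umask(old);
        close(fd);
        return (mode_t)-1;
    }
    seen = socket_mode(path);              /* what a racing client sees now */
    if (!tighten_first) chmod(path, mode); /* too late to close the window */
    umask(old);
    close(fd);
    return seen;
}

int main(void) {
    const char *p = "/tmp/redis_umask_demo.sock"; /* constructed example path */
    printf("bind-then-chmod, umask 0: %04o during window, %04o after\n",
           (unsigned)mode_after_bind(p, 0, 0600, 0), (unsigned)socket_mode(p));
    printf("umask tightened first : %04o during window, %04o after\n",
           (unsigned)mode_after_bind(p, 0, 0600, 1), (unsigned)socket_mode(p));
    unlink(p);
    return 0;
}
```

With a permissive umask of 0 the first variant leaves the node at 0777 until chmod runs; the second never exposes more than 0600, which is the effect of the "restrictive umask" workaround above.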
Credit
The problem was reported by Alexander Aleksandrovič Klimov of Icinga.