Security of o=rwx with classical Unix permissions

This is not directly insecure, as long as these files and directories have the same owner than the parent directory, that there is no hard-link allowing to bypass the parent directory permissions and that there is no exception put on the parent directory permissions (like some ACL for instance).

However, I would still classify this as not prudent and not clean, as this is playing with fire. At some point in the future, most probably because of an unrelated modification linked to an unrelated software or project, the above conditions will not be met anymore opening wide the security vulnerability (and thanks to Murphy's law you can assume this will happen at the worst moment).

When writing software, you must never write unsecure code based on the assumption that it will remain protected by outer protection layers and therefore never be exploitable because being "out-of-reach". Security must be conceived as a whole where every component has to play its role to ensure a good general security posture.

So, my answer is:

  • For some occasional tests, most chances are this is fine and there will be no problem with this,
  • For some real development, please don't do this and use proper rights!

Linux honors file permission on domain sockets, but there are Unix implementations that ignore permissions on the socket file (e.g. BSD, HP-UX). A portable program that depends on filesystem permission for security should create the socket in a directory with the desired permission rather than setting the permission on the socket file.

There is also a number of situations where people could access a file (and therefore a domain socket) without being able to access the parent folder. These generally require privilege to initially setup but they can access them unprivileged afterwards. For example, if someone has access to a bind mount into a folder inside your home directory, then they would be able to bypass your home directory's permission as they would be accessing your folder through their bind mount path. Another example is if the system is set up with alternative permission mechanism (e.g. ACL), then other users may be permitted to access that file through those alternate permission mechanism, despite a restrictive Unix permission.