Expand comment for named IPC chmod().

ipc/ipc_channel_posix.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ipc/ipc_channel_posix.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <stddef.h>
 #include <sys/types.h>
@@ skipping 175 matching lines @@
 
   // Bind the socket.
   if (bind(fd, reinterpret_cast<const sockaddr*>(&unix_addr),
            unix_addr_len) != 0) {
     PLOG(ERROR) << "bind " << pipe_name;
     if (HANDLE_EINTR(close(fd)) < 0)
       PLOG(ERROR) << "close " << pipe_name;
     return false;
   }
 
-  // Adjust the socket permissions.
+  // Explicitly set file system permissions on socket, mainly as a precaution
+  // for Chrome OS.
+  // Do not rely on these file permissions to provide security - the file is
+  // created during the above bind() call so there is still a window for
+  // malicious abuse because the file exists between bind() and chmod(). Also,
+  // the file permissions may not be enforced for unix sockets on all platforms.
   if (chmod(pipe_name.c_str(), 0600)) {
-    PLOG(ERROR) << "fchmod " << pipe_name;
+    PLOG(ERROR) << "chmod " << pipe_name;
     if (HANDLE_EINTR(close(fd)) < 0)
       PLOG(ERROR) << "close " << pipe_name;
     return false;
   }
 
   // Start listening on the socket.
   const int listen_queue_length = 1;
   if (listen(fd, listen_queue_length) != 0) {
     PLOG(ERROR) << "listen " << pipe_name;
     if (HANDLE_EINTR(close(fd)) < 0)
@@ skipping 939 matching lines @@
 
 bool Channel::HasAcceptedConnection() const {
   return channel_impl_->HasAcceptedConnection();
 }
 
 void Channel::ResetToAcceptingConnectionState() {
   channel_impl_->ResetToAcceptingConnectionState();
 }
 
 }  // namespace IPC