| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Apr 2013 22:55:28 +0200 From: Kay Sievers <kay@...y.org> To: netdev@...r.kernel.org Subject: unix STREAM/SEQPACKET sockets and SO_PASSCRED race While checking the issues caused by: "af_unix: dont send SCM_CREDENTIAL when dest socket is NULL" http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=14134f6584212d585b310ce95428014b653dfaf6 which was later reverted by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=25da0e3e9d3fb2b522bc2a598076735850310eb1 Seems, if messages are sent by the client during the window between accept() and setsockopt(SO_PASSCRED) on the server, the kernel will not attach the credentials to the message. The original change opened the race window significantly, but it seems the window existed even before the change, it's just hard to hit. Is there a way to race-free set up a connection on the server side which has scm credentials enabled? If scm credential handling should only be needed to be requested on the server side, is there any way to do that? If not, could we inherit/copy over the PASSCRED bit from the listen socket to the connection socket. Servers could set the flag there to receive it for the accepted connections? Thanks, Kay -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists