Date:	Tue, 07 Oct 2008 00:04:42 +0000
From:	John Kelly <jak@...2dial.com>
To:	linux-kernel@...r.kernel.org
Subject: Re: User credentials on a unix datagram socket

On Sun, 05 Oct 2008 21:41:22 +0000, John Kelly <jak@...2dial.com>
wrote:

>The socket(7) man page seems to imply that user credentials cannot be
>sent on a unix datagram socket, unless socketpair() created it.

>> SO_PEERCRED
>>   Return the credentials of the foreign process connected to this socket.
>>   This is only possible for connected AF_UNIX stream sockets and AF_UNIX
>>   stream and datagram socket pairs created using socketpair(2);

>But through trial and error, without reading any kernel source, I
>learned that you can send user credentials on a regular unix datagram
>socket which was not created with socketpair().

>I'm unsure what SO_PEERCRED is intended for; I used SO_PASSCRED in my
>server code, and it works.

Maybe I'm the only one on the planet interested in this subject, but
for posterity ... after browsing net/unix/af_unix.c, I see ...

Using SO_PEERCRED with getsockopt(2) reads an sk_peercred struct.  It
seems this data is available in the kernel, without the client sending
credentials as ancillary data.  In af_unix.c, unix_stream_connect and
unix_socketpair set this structure, but unix_dgram_connect does not.

So apparently, the socket(7) man page is accurate.  However, it could
mislead one towards a wrong conclusion ...

As I learned by trial and error, you CAN get user credentials on a
regular datagram socket by using SO_PASSCRED, you just have to do it
the hard way, with the client explicitly sending his credentials as
ancillary data.

Works for me ....


-- 
Webmail for Dialup Users
http://www.isp2dial.com/freeaccounts.html
 