[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7575) Fixed send_cli_cred on platforms that do not support such functions

tedcheng@symas.com writes:
> URL: https://dl.dropboxusercontent.com/u/94235048/fix_send_cli_cred.patch
> Importing fix from Symas #2230:
> On platforms, such as Solaris 8, that do not support functions for getting
> client credential, client sends a message and fd for server to derive euid/egid.
> The server-side logic for deriving client credential was buggy.
> This patch introduces sockaddr_un_cmp() to compare the socket path names,
> ignoring redundant "/" in the path, and only checks S_IFIFO mode. This patch has
> been tested on Solaris 8 and regression-tested fine on Solaris 10.

This patch is wrong:

- You cannot trust the path which the client wrote to the socket *by
  hand* (label sendcred: in libldap/os-local.c:ldap_pvt_connect()), if
  someone else than the owner and root has write access to the socket.

  Could comment that in getpeereid.c, to prevent such a future patch.

- An initial "//" is significant on some systems and must not match "/".
  Posix does not guarantee that sun_path[] is \0-terminated.

  What problem is the complicated compare solving?  Why not require that
  the user spells the path like the server does, similar to how TLS
  hostnames must be spelled the same way?  You are not catching all
  possible spellings of the path anyway: YOu do not reduce "/./" to "/"
  and must not reduce "foo/../ to "" since foo can be a symlink.