
Re: (ITS#7575) Fixed send_cli_cred on platforms that do not support such functions



Ted C. Cheng writes:
> I have revised the patch to (1) initialize rname buffer, (2) ignore 
> the comparison "llen == rlen",

Might be OK, but...

> (3) compare st.st_mode only against S_IFIFO, but not S_ISUID|S_IRWXU.

No.  You're getting proper use to work on Solaris, but that's the easy
part.  That fchmod and corresponding mode test is there for a reason:
The code must also reject attempts to impersonate other users or groups.
A user could find and open a named socket/pipe owned by some other user,
or start someone's setuid program which opens a Unix domain socket and
then runs his program as his own user, or something like that.  I don't
remember exactly.  But OSes and OS releases differ about which of these
impersonation attempts might work if this code were insufficiently
paranoid, so you have quite some exploration work ahead of you if you
want to tweak this FD passing safely.

You can instead look for a mechanism with built-in credential passing,
apparently like Solaris "doors".  Or look at what some other well-tested
and portable package does and suggest we steal its code.  Or live with
the fact that SASL/EXTERNAL over ldapi:// is supported on your platform.

> The socket path comparison demands full-path match, e.g.,
> "/var/suum/run/socket" won't match against "/var/suum/run//socket".

-- 
Hallvard
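
The mode test discussed in this message, as an added example (not OpenLDAP's code and not part of the original post): the strict receiver-side check next to the relaxed S_IFIFO-only check from item (3). It assumes the sender marks a freshly created pipe with fchmod(S_ISUID|S_IRWXU) before passing the descriptor; the function names and uid/gid sample values are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Marker bits the sender is assumed to set with fchmod() on the passed pipe. */
#define CRED_MARK (S_ISUID | S_IRWXU)

/* Strict test: must be a FIFO and carry exactly the marker bits.
 * Returns 0 and fills uid/gid from the descriptor's owner, else -1. */
int cred_from_stat_strict(const struct stat *st, uid_t *uid, gid_t *gid)
{
    if (!S_ISFIFO(st->st_mode) || (st->st_mode & CRED_MARK) != CRED_MARK)
        return -1;
    *uid = st->st_uid;
    *gid = st->st_gid;
    return 0;
}

/* Relaxed test (S_IFIFO only): accepts any FIFO, including a named
 * pipe that belongs to another user and was merely opened by the peer. */
int cred_from_stat_relaxed(const struct stat *st, uid_t *uid, gid_t *gid)
{
    if (!S_ISFIFO(st->st_mode))
        return -1;
    *uid = st->st_uid;
    *gid = st->st_gid;
    return 0;
}

/* Build a constructed struct stat for offline checks. */
struct stat make_stat(mode_t mode, uid_t uid, gid_t gid)
{
    struct stat st;
    memset(&st, 0, sizeof st);
    st.st_mode = mode; st.st_uid = uid; st.st_gid = gid;
    return st;
}

int main(void)
{
    uid_t u; gid_t g;
    struct stat own = make_stat(S_IFIFO | CRED_MARK, 1000, 1000);   /* marked by its owner */
    struct stat other = make_stat(S_IFIFO | 0666, 2000, 2000);      /* someone else's FIFO */
    printf("strict : own=%d other=%d\n", cred_from_stat_strict(&own, &u, &g),
           cred_from_stat_strict(&other, &u, &g));
    printf("relaxed: own=%d other=%d\n", cred_from_stat_relaxed(&own, &u, &g),
           cred_from_stat_relaxed(&other, &u, &g));
    return 0;
}
```

Whether fchmod() on a pipe descriptor sticks, and who may set those bits, differs between platforms, so the strict test still needs checking on each target OS.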