Re: RFC: [PATCH] SCM_CREDS support 1(2)

[Samuel Thibault]

Svante Signell, le Wed 16 Oct 2013 00:46:54 +0200, a écrit :
> On Wed, 2013-10-16 at 00:42 +0200, Samuel Thibault wrote:
> > Svante Signell, le Wed 16 Oct 2013 00:40:18 +0200, a écrit :
> > > On Wed, 2013-10-16 at 00:28 +0200, Samuel Thibault wrote:
> > > > Svante Signell, le Tue 15 Oct 2013 10:33:12 +0200, a écrit :
> > > > > +       pids = __getpid();
> > > > > +       euids = __geteuid();
> > > > > +       auids = __getuid();
> > > > > +       egids = __getegid();
> > > > > +       agids = __getgid();
> > > > 
> > > > Err, which part of the protocol which check that these are actually the
> > > > proper value?  What prevents a process from lying its *uid and *gid
> > > > values?  That is part of what SCM_CREDS is supposed to provide.
> > > 
> > > checked by the check_auth() call, is that wrong?
> > 
> > But that is called on the sending side (sendmsg), not on the receiving
> > side (recvmsg), isn't it?
> 
> It can easily be moved to the receive side, I thought about that but did
> not write a FIXME entry in the patch. What is the real need of having it
> there, when it can be sorted out on the transmit side already?

Because the receiver does not trust the sender. It can only trust the
proc server.

Samuel