Date:      Mon, 27 Apr 2026 22:27:28 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 294833] LOCAL_PEERCRED does not return cr_pid in 32-bit compat mode
Message-ID:  <bug-294833-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294833

            Bug ID: 294833
           Summary: LOCAL_PEERCRED does not return cr_pid in 32-bit compat
                    mode
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

Background
==========

The LOCAL_PEERCRED sockopt is supposed to return the credentials of the process
that owns the peer side of a connection-oriented unix domain socket.  It
returns the peer's UID, GID, supplementary group list (up to 16), and pid.

Problem
=======

When the sockopt is fetched by a 32-bit process running on a 64-bit kernel, the
structure's size is defined differently for the process than it is for the
kernel.  The kernel fails to check that, and populates the structure as if it
were the 64-bit version.  The problem is the anonymous union in struct xucred
that contains a pointer.  The userspace process thinks that the union is 4
bytes large, but the kernel thinks that it is 8 bytes large.  As a result, the
kernel will always populate the cr_pid field with 0.

Steps to Reproduce
==================

Build and run the attached program on a 64-bit host:

$ cc -m32 -o LOCAL_PEERCRED -Wall LOCAL_PEERCRED.c
$ ./LOCAL_PEERCRED
sizeof(struct xucred)=0x50
My pid = 0x192c
cr_uid=1000 cr_gid=1000 cr_pid=0
0000: 0000 0000 03e8 0000 0008 0000 03e8 0000
0010: 0000 0000 0005 0000 000d 0000 002c 0000
0020: 0074 0000 01be 0000 03e8 0000 0000 0000
0030: 0000 0000 0000 0000 0000 0000 0000 0000
0040: 0000 0000 0000 0000 0000 0000 0000 0000
0050: 192c 0000 0000 0000 c952 2059 0001 0000

Note that the kernel returns the correct pid (0x192c), but it returns it at
offset 0x50, which is beyond the end of the xucred struct.

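The following C is an added illustration of the layout mismatch described in the report; it is not the reporter's attached LOCAL_PEERCRED.c (which is not on this page) and it does not call getsockopt(2). It mirrors struct xucred twice with fixed-width types, once as a 32-bit process lays it out and once as the amd64 kernel does, using a forced 8-byte alignment to stand in for the 64-bit pointer in the anonymous union. Both mirrors are assumptions modelled on <sys/ucred.h>. It then fills the kernel-side layout with the values visible in the hex dump above (constructed sample data), shows that reading it back through the 32-bit definition yields cr_pid == 0 with the real pid sitting at offset 0x50, and shows the field-by-field translation a compat path would have to do instead of a raw copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XU_NGROUPS 16

/* Layout as an i386 (cc -m32) process defines struct xucred (assumed
 * mirror of <sys/ucred.h>): the anonymous union holds a 4-byte pointer,
 * so it is 4-byte aligned and directly follows cr_groups at 0x4c. */
struct xucred32 {
    uint32_t cr_version;
    uint32_t cr_uid;
    int16_t  cr_ngroups;            /* two bytes of padding follow */
    uint32_t cr_groups[XU_NGROUPS];
    union {
        uint32_t _cr_unused1;       /* stands in for a 32-bit void * */
        int32_t  cr_pid;
    };
};

/* Layout as the amd64 kernel defines it (assumed mirror): the pointer
 * is 8 bytes and 8-byte aligned, so the union is pushed to 0x50 and
 * the struct grows from 0x50 to 0x58 bytes. */
struct xucred64 {
    uint32_t cr_version;
    uint32_t cr_uid;
    int16_t  cr_ngroups;
    uint32_t cr_groups[XU_NGROUPS];
    union {
        _Alignas(8) uint64_t _cr_unused1;   /* stands in for a 64-bit void * */
        int32_t cr_pid;
    };
};

/* Kernel side, modelled: populate the 64-bit layout with the values
 * shown in the report's hex dump (constructed sample data). */
static void kernel_fill(struct xucred64 *xu, int32_t pid)
{
    static const uint32_t groups[8] = {1000, 0, 5, 13, 44, 116, 446, 1000};

    memset(xu, 0, sizeof *xu);
    xu->cr_version = 0;
    xu->cr_uid = 1000;
    xu->cr_ngroups = 8;
    memcpy(xu->cr_groups, groups, sizeof groups);
    xu->cr_pid = pid;
}

/* User side, modelled: the 32-bit caller interprets the first 0x50 bytes
 * the kernel wrote through its own definition.  Bytes 0x4c..0x4f are
 * alignment padding in the 64-bit layout, so cr_pid reads as 0. */
static int32_t pid_as_seen_by_32bit_caller(int32_t pid)
{
    struct xucred64 from_kernel;
    struct xucred32 seen;

    kernel_fill(&from_kernel, pid);
    memcpy(&seen, &from_kernel, sizeof seen);
    return seen.cr_pid;
}

/* Where the pid really lands relative to the caller's buffer (0x50, one
 * word past the end of the 32-bit struct) versus where it is expected. */
static size_t pid_offset_written_by_kernel(void) { return offsetof(struct xucred64, cr_pid); }
static size_t pid_offset_expected_by_32bit(void) { return offsetof(struct xucred32, cr_pid); }

/* What a compat path has to do instead of a raw copy-out: translate the
 * kernel's struct field by field into the caller's layout. */
static void xucred64_to_32(struct xucred32 *out, const struct xucred64 *in)
{
    memset(out, 0, sizeof *out);
    out->cr_version = in->cr_version;
    out->cr_uid = in->cr_uid;
    out->cr_ngroups = in->cr_ngroups;
    memcpy(out->cr_groups, in->cr_groups, sizeof out->cr_groups);
    out->cr_pid = in->cr_pid;
}

static int32_t pid_after_translation(int32_t pid)
{
    struct xucred64 from_kernel;
    struct xucred32 seen;

    kernel_fill(&from_kernel, pid);
    xucred64_to_32(&seen, &from_kernel);
    return seen.cr_pid;
}

int main(void)
{
    printf("sizeof: 32-bit view 0x%zx, 64-bit kernel 0x%zx\n",
           sizeof(struct xucred32), sizeof(struct xucred64));
    printf("cr_pid offset: 32-bit view 0x%zx, 64-bit kernel 0x%zx\n",
           pid_offset_expected_by_32bit(), pid_offset_written_by_kernel());
    printf("pid 0x192c via raw copy: 0x%x, after translation: 0x%x\n",
           pid_as_seen_by_32bit_caller(0x192c), pid_after_translation(0x192c));
    return 0;
}
```

The raw memcpy path reproduces the symptom in the report (sizeof 0x50 on the 32-bit side, cr_pid at 0x4c reading 0, the real value at 0x50); the translation path is the shape of fix the freebsd32 compat layer would need. Whether the bytes at 0x50 reach a real caller at all depends on how much buffer it hands to getsockopt(2), so a 32-bit program that passes exactly sizeof(struct xucred) simply sees cr_pid == 0 with no other indication that anything went wrong.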


Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-294833-227>