From nobody Mon Apr 27 22:27:28 2026
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g4J8w398Xz6Zmh9
	for <bugs@mlmmj.nyi.freebsd.org>; Mon, 27 Apr 2026 22:27:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4g4J8w2LYpz3mRk
	for <bugs@FreeBSD.org>; Mon, 27 Apr 2026 22:27:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1777328848;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Jb7iFZj9Cu9Hb3HGHwKzqi/wCWCpTQ+HBWOeTgD9R2E=;
	b=V9Fs+MFJ2Q20Mg5+0tVSUnFRguRF6471UDyJpnhs6HKbHEBg1SZvtbhUV2KU3OkfM3+CeI
	IEckaAvfXzx31sM/fVKaaMVtHXw48TwPUFbLIz51BO8mns7zxUqiUxCG3miXWW7S/ryK14
	2RsGFwnKN96JV2teMivEPtE5DGZeFJBmr7FsIoC3LH17Xw6+SQC8FjC/8rq5onYHEHWZvV
	8opQPQqrVgaffi9ohMOkSZ6L2ZdkM6yzj+JDpfIQPjTY64ee7emolzSJ9SkF73K10ClFo3
	KPoZtixl7oE7FN9QO+AMGnD06aTlx5OKRU/RFT9DamHKQ/NDi1Fvf8MQOOhznQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1777328848; a=rsa-sha256; cv=none;
	b=HaTYZkYdgUvV1dXmtJKOgtfutNfWdaUe9VX4wWvoZh5UBl4kGjb/oZ86PXHDesPUKF3mBy
	p9sE01b2Qyekpoe5b/aY+OofvhKX7hD65bHEv/61I1Vp+NUiYNL9CIP+OG+9JeXZufOcbx
	ohGQCE3u5eUCIeKyrYUTYfAt/gvIJlRImxK9Nq1pi0K2KFFVR13RGlW0el6KDhYCMR9yml
	r+RySkHFubxTzUkJc9hlQZmDZ73xgrgj1H3mnUM0m90MJ1plnz0B9ksWh6qpSB92hinaD+
	OyDAqCu5rIx4DJb4gtAFChNJnghL3neb5ZWYoysgtLEWlE9ebzU39wilj51aZw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1777328848;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Jb7iFZj9Cu9Hb3HGHwKzqi/wCWCpTQ+HBWOeTgD9R2E=;
	b=jcSTwiSf+X3C7JJqDzNifbjT1kg4U8FBwpY0wQyvSdBCkPdT5Ju6PsDcbiGmL4Oo66Lbys
	Pt8lVp/KXQBbkdBcLFaCmOzAApv4ETLg00Xzp84qvPsVam1GZA83DID897730tBK2CEApb
	XAR+I/78iD0ntp+mETmgM3Pt4Q+NrNelZlMo1zbFfmo0kc10zaMzaOuQBJ14GIJ4vAgdBc
	DgLVsLgASibgdGFPuDiiQuFA2TJxvA/SlZRSRmVeVSpYDOxiXScR/PWqPiCojkSCF10a5b
	x4yR7rpCrBCI8D2aKf+zb2Htf5tcz84JDRdKc6xLq4HTs3sRLxl7YSz5n8eEHw==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4g4J8w1SxFz9x6
	for <bugs@FreeBSD.org>; Mon, 27 Apr 2026 22:27:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 63RMRRrd077377
	for <bugs@FreeBSD.org>; Mon, 27 Apr 2026 22:27:27 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 63RMRRNb077376
	for bugs@FreeBSD.org; Mon, 27 Apr 2026 22:27:27 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 294833] LOCAL_PEERCRED does not return cr_pid in 32-bit compat
 mode
Date: Mon, 27 Apr 2026 22:27:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 15.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: asomers@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-294833-227@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D294833

            Bug ID: 294833
           Summary: LOCAL_PEERCRED does not return cr_pid in 32-bit compat
                    mode
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

The LOCAL_PEERCRED sockopt is supposed to return the credentials of the pro=
cess
that owns the peer side of a connection-oriented unix domain socket.  It
returns the peer's UID, GID, supplementary group list (up to 16), and pid.

Problem
=3D=3D=3D=3D=3D=3D=3D

When the sockopt is fetched by a 32-bit process running on a 64-bit kernel,=
 the
structure's size is defined differently for the process than it is for the
kernel.  The kernel fails to check that, and populates the structure as if =
it
were the 64-bit version.  The problem is the anonymous union in struct xucr=
ed
that contains a pointer.  The userspace process thinks that the union is 4
bytes large, but the kernel things that it's 8-bytes large.  As a result, t=
he
kernel will always populate the cr_pid field with 0.

Steps to Reproduce
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Build and run the attached program on a 64-bit host:

$ cc -m32 -o LOCAL_PEERCRED -Wall LOCAL_PEERCRED.c
$ ./LOCAL_PEERCRED
sizeof(struct xucred)=3D0x50
My pid =3D 0x192c
cr_uid=3D1000 cr_gid=3D1000 cr_pid=3D0
0000: 0000 0000 03e8 0000 0008 0000 03e8 0000
0010: 0000 0000 0005 0000 000d 0000 002c 0000
0020: 0074 0000 01be 0000 03e8 0000 0000 0000
0030: 0000 0000 0000 0000 0000 0000 0000 0000
0040: 0000 0000 0000 0000 0000 0000 0000 0000
0050: 192c 0000 0000 0000 c952 2059 0001 0000

Note that the kernel returns the correct pid (0x192c), but it returns it at
offset 0x50, which is beyond the end of the xucred struct.

--=20
You are receiving this mail because:
You are the assignee for the bug.=