From owner-freebsd-net@FreeBSD.ORG  Sun Mar  6 12:05:15 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 76D6316A4CE
	for <freebsd-net@freebsd.org>; Sun,  6 Mar 2005 12:05:15 +0000 (GMT)
Received: from te-clan.ch (ns1.te-clan.ch [217.118.194.40])
	by mx1.FreeBSD.org (Postfix) with SMTP id 4843B43D53
	for <freebsd-net@freebsd.org>; Sun,  6 Mar 2005 12:05:14 +0000 (GMT)
	(envelope-from bachi@te-clan.ch)
Received: (qmail 66836 invoked from network); 6 Mar 2005 12:04:31 -0000
Received: from unknown (HELO notebook.bachi.net) (80.219.63.44)
  by te-clan.ch with SMTP; 6 Mar 2005 12:04:31 -0000
From: Andreas Bachmann <bachi@te-clan.ch>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
In-Reply-To: <20050306113602.GA72592@gothmog.gr>
References: <1110107067.2060.26.camel@notebook.bachi.net>
	 <20050306113602.GA72592@gothmog.gr>
Content-Type: text/plain
Date: Sun, 06 Mar 2005 13:05:10 +0100
Message-Id: <1110110710.2060.48.camel@notebook.bachi.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
Subject: Re: static pid and uid for a socket?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Mar 2005 12:05:15 -0000

> AFAIK, this can only be done if the original process calls execve() on a
> setuid binary and has not marked the socket descriptor as close-on-exec.
i'm developing a gtk+ based equivalent to 'sockstat'.
when a user is proposed to run a process, which creates a socket, the
sockstat printout is for example:

USER   COMMAND LOCAL ADDRESS   FOREIGN ADDRESS
myuser myprog  10.0.0.10:52265 66.102.11.99:123

but, can the displayed kernel socket structure abrupty (by fork() or
setuid()) change user or process (because xfile.xf_uid or xfile.xf_pid
changed)?

greets

Andreas Bachmann