Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 26 Dec 2005 09:40:05 GMT
From:      Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/90800: [patch] it is possible to fake credentials in LOCAL_CREDS
Message-ID:  <200512260940.jBQ9e5bH013673@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

The following reply was made to PR kern/90800; it has been noted by GNATS.

From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: bug-followup@freebsd.org
Subject: Re: kern/90800: [patch] it is possible to fake credentials in LOCAL_CREDS
Date: Mon, 26 Dec 2005 11:26:22 +0200

 On Thu, Dec 22, 2005 at 03:08:58PM +0300, Maxim Konovalov wrote:
 > Andrey, very detailed and useful PR.  Any chances you integrate your
 > tests to the existent regression tests for unix-domain sockets
 > (src/tools/regression/sockets) or create a new one?  Don't forget
 > about kern/90644 :-)
 
 I implemented following tests:
 
  Available tests for stream sockets:
    1: Sending, receiving cmsgcred
    2: Receiving sockcred (listening socket has LOCAL_CREDS)
    3: Receiving sockcred (accepted socket has LOCAL_CREDS)
    4: Sending cmsgcred, receiving sockcred
 
  Available tests for datagram sockets:
    1: Sending, receiving cmsgcred
    2: Receiving sockcred
    3: Sending cmsgcred, receiving sockcred
 
 And found following problems on FreeBSD 6.0 (not including problems
 I reported about):
 
 * Struct sockcred{} in sc_groups[0] has EGID.  This is wrong since
   struct sockcred{} already has sc_egid.  NetBSD 2.0, does not include
   EGID in sc_groups.  This problem is easy to correct.  In FreeBSD
   in struct cmsgcred{} in cmcred_groups[0] has EGID, but struct
   cmsgcred{} does not have field with EGID.
 
 * PF_LOCAL,SOCK_DGRAM sockets do not support LOCAL_CREDS option,
   because they do not have pr_ctloutput.  On NetBSD 2.0 it is possible
   to set LOCAL_CREDS option for datagram sockets.
 
 (I compare current implementation with NetBSD 2.0 one, since LOCAL_CREDS
 option also exists there)
 
 These tests are available here:
 
 http://www.comsys.ntu-kpi.kiev.ua/~simon/local_cmsg/
 MD5 (local_cmsg-20051226.tar.bz2) = c011e86c2020bbcbd8e93286896e2d4d

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512260940.jBQ9e5bH013673>