Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 21 Feb 2007 16:49:30 -0800
From:      "Maksim Yevmenkin" <maksim.yevmenkin@gmail.com>
To:        "Iain Hibbert" <plunky@rya-online.net>
Cc:        freebsd-bluetooth@freebsd.org
Subject:   Re: obexapp 1.4.5
Message-ID:  <bb4a86c70702211649t61ffe2f3n88b4c54fd648d824@mail.gmail.com>
In-Reply-To: <1172096628.479674.24514.nullmailer@galant.ukfsn.org>
References:  <bb4a86c70701300920g47111252n9c50cef20221973a@mail.gmail.com> <bb4a86c70701301952y322a5174m762889c986986768@mail.gmail.com> <Pine.NEB.4.64.0702201732410.9463@localhost.> <1171997469.725737.13812.nullmailer@galant.ukfsn.org> <bb4a86c70702210955p59ee0a28i19ea12c87e48d86a@mail.gmail.com> <1172096628.479674.24514.nullmailer@galant.ukfsn.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 2/21/07, Iain Hibbert <plunky@rya-online.net> wrote:
> On Wed, 21 Feb 2007, Maksim Yevmenkin wrote:
> > well, the sdp_session_open() is called before setgid()/setuid() so
> > sdpd will mark this session as "privileged". once sdp session is open,
> > obexapp can drop its privileges and still be able to register service
> > with sdpd.
>
> I think the problem with my implementation of this is that the SCM_CREDS
> information is sent alongside the first normal message, and because that
> are not sent until after the setuid(), the credentials have changed..

ok

> As I recall, for PEER_CREDS, sdpd actively queries the remote credentials
> when as the socket is open - (it seems that a slight race condition could
> exist there, or are the credentials passed the ones that were used to open
> the socket?)

i do not think so, from kern/uipc_usrreq.c

...
                /*
                 * unp_peercred management:
                 *
                 * The connecter's (client's) credentials are copied from its
                 * process structure at the time of connect() (which is now).
                 */
                cru2x(td->td_ucred, &unp3->unp_peercred);
                unp3->unp_flags |= UNP_HAVEPC;
                /*
                 * The receiver's (server's) credentials are copied from the
                 * unp_peercred member of socket on which the former called
                 * listen(); unp_listen() cached that process's credentials
                 * at that time so we can use them now.
                 */
...

> I will look into this a bit more, maybe if I arrange to send() an zero
> length message before changing the uid it may work, though I'm not sure
> how well sdpd will handle that..

i'm not sure what are you suggesting

thanks,
max

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bb4a86c70702211649t61ffe2f3n88b4c54fd648d824>