Date: Thu, 22 Apr 2021 07:54:26 +0300 From: Gleb Popov <arrowd@freebsd.org> To: Mark Millard <marklmi@yahoo.com> Cc: freebsd-hackers <freebsd-hackers@freebsd.org> Subject: Re: A bug with getsockopt(SOL_LOCAL, LOCAL_PEERCRED) ? Message-ID: <CALH631nrhyY%2BK3tPSwt1wuYHoZkz371UtjK%2BdG844RybtA2yKw@mail.gmail.com> In-Reply-To: <40116716-D8D9-438D-A168-B26A112D199E@yahoo.com> References: <CALH631kLCApctk4iQJj6br0Pzeb6qsh9g3jz_SA8hH91ftQGDQ@mail.gmail.com> <YHiQ6qEjS2w8uYpS@kib.kiev.ua> <CALH631=3hqvfraume467OM%2BqGqp854sGJFfhO8b61mF%2BkbsJ2Q@mail.gmail.com> <E6626DFC-2014-412C-AEA2-ECE57835B058@yahoo.com> <CALH631mi0xOQGjd6F3Beu_BQdqAx8RYCrbkUi524F8S4rwo1aA@mail.gmail.com> <40116716-D8D9-438D-A168-B26A112D199E@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 22, 2021 at 1:00 AM Mark Millard <marklmi@yahoo.com> wrote: > > On 2021-Apr-21, at 11:27, Gleb Popov <arrowd at freebsd.org> wrote: > > > > This makes sense, thanks. > > > > However, this code works on Linux and seems to return credentials of the > user that started the process. I actually stumbled upon this when porting > this code: > https://github.com/CollaboraOnline/online/blob/master/net/Socket.cpp#L805 > > > > Would it make sense if FreeBSD followed Linux semantics in this case? If > not, what are my options for porting the software? > > From what I can tell . . . > > FreeBSD defines LOCAL_PEERCRED and what goes with its use, not linux. > Linux defines SO_PEERCRED and what goes with its use, not FreeBSD. > > If I understand right, your code is incompatible with the referenced > CollaboraOnline code from just after the #else (so __FreeBSD__ case, > not the linux case): > > getsockopt(getFD(), 0, LOCAL_PEERCRED, &creds, &credSize) > vs. your: > getsockopt(s, SOL_LOCAL, LOCAL_PEERCRED, &creds, &credSize) > > Note the 0 vs. the SOL_LOCAL. Your code is a mix of Linux > and FreeBSD code when it should not be. > SOL_LOCAL is defined to 0, so this is fine. > See also the following that involved replacing a SOL_LOCAL > with a 0 for getsockopt used with LOCAL_PEERCRED: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234722 > > Yes, I'm aware that Linux SO_PEERCRED operates on socket level, while ours operates on level 0. This is taken in account in the code I posted. As I said, the error stems from the fact that Linux allows getting creds from the listening socket.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALH631nrhyY%2BK3tPSwt1wuYHoZkz371UtjK%2BdG844RybtA2yKw>