On Fri, Jul 3, 2015 at 8:09 AM, Marcin Niesluchowski <m.niesluchow@xxxxxxxxxxx> wrote: > > * Message credibility: Lets imagine simple service which collects logs via > unix sockets. There is no reliable way of identifying logging process. > getsockopt() with SO_PEERCRED option would give pid form cred structure, but > according to manual it may not be of actual logging process: > "The returned credentials are those that were in effect at the time of the > call to connect(2) or socketpair(2)." > - select(7) There's SCM_CREDENTIALS, which is dangerous, but it's dangerous in exactly the same way that your patches are dangerous. You're collecting PID/TID when write(2) is called, and it's very easy to get another process to call write(2) on your behalf, because write(2) isn't supposed to collect credentials. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
