Hello Alexey, On Fri, Dec 01, 2023 at 01:16:27PM +0100, Alexey Tikhonov wrote: > Hello. > > There is a discrepancy between the man page description of > 'SO_PEERCRED' and real behavior. > > `man 7 unix` states: > ``` > SO_PEERCRED > This read-only socket option returns the credentials of > the peer process connected to this socket. The returned > credentials are those that were in effect at the time of > the call to connect(2) or socketpair(2). > ``` > > This doesn't match real behavior in following situation (just an example): > - process starts with uid=0, gid=0 > - process creates UNIX socket, binds it, listens on it > - process changes to uid=uid1, git=gid1 (using `setresuid()`, `setresgid()`) > - another process connects to the listening socket and requests > peer's credentials using `getsockopt(... SOL_SOCKET, SO_PEERCRED ...)` > > According to the man page: SO_PEERCRED should report (uid1, gid1), > because peer process was running under (uid1, gid1) "at the time of > the call to connect(2)" > In reality SO_PEERCRED reports (0, 0) > Reproducing code is available in > https://bugzilla.redhat.com/show_bug.cgi?id=2247682 > > I'm not entirely sure if this is a real bug or rather a poor > description in the man page, but I tend to think that it's the latter. I've CCed netdev@, since they probably know better. Thanks, Alex -- <https://www.alejandro-colomar.es/>
Attachment:
signature.asc
Description: PGP signature
