This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: dumb question

To: drepper@cygnus.com (Ulrich Drepper)
Subject: Re: dumb question
From: Zack Weinberg <zack@rabi.phys.columbia.edu>
Date: Tue, 30 Jun 1998 12:12:08 -0400
cc: libc-hacker@cygnus.com, linux-kernel@vger.rutgers.edu

On 30 Jun 1998 08:52:50 -0700, Ulrich Drepper wrote:
>Zack Weinberg <zack@rabi.phys.columbia.edu> writes:
>
>> I want to use the BSD definition for the user-visible structure -- no
>> reason to introduce incompatibilities.
>> 
>> I'll try to get you a patch sometime today.
>
>OK, if the kernel has nothing to do with this we definitely should
>change the structs to match the user-level types.

I've got a preliminary implementation, but there are
kernel-side issues.  I'm cc:ing linux-kernel for input.

The Linux implementation of SCM_CREDENTIALS passes three values to the
receiver: pid, uid, gid.  The sender is expected to fill in those
fields; the kernel checks them to make sure they're not lying.  Uid
and gid can be any of the real, effective, or saved uid/gid.
Superuser can send arbitrary data.

The BSD implementation ignores what the sender passed in and supplies
the receiver with the pid, the real and effective uid, the real and
effective gid, and the first 15 entries in the supplementary groups
list.

It is possible to partially emulate the BSD implementation with the
Linux one.  However, much less information will be provided to the
receiver.  Further, having the kernel vet information provided by the
sender is just silly IMO, esp. when privileged processes are allowed
to lie about their identity.

So: would the kernel people be willing to change SCM_CREDENTIALS to
work the BSD way?  I don't think the Linux way has any installed base
of user code to speak of.

For reference, the structure provided by BSD:

#define CMGROUP_MAX 16
struct cmsgcred
{
    pid_t   cmcred_pid;             /* PID of sending process */
    uid_t   cmcred_uid;             /* real UID of sending process */
    uid_t   cmcred_euid;            /* effective UID of sending process */
    gid_t   cmcred_gid;             /* real GID of sending process */
    short   cmcred_ngroups;         /* number or groups */
    gid_t   cmcred_groups[CMGROUP_MAX];      /* groups.
						Note cmcred_groups[0]
						is effective GID. */
};

zw

Follow-Ups:
- Re: dumb question
  - From: alan@lxorguk.ukuu.org.uk (Alan Cox)

References:
- Re: dumb question
  - From: Ulrich Drepper <drepper@cygnus.com>

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]