Date: Thu, 2 Jan 1997 02:10:22 -0500 (EST) From: Bill Paul <wpaul@skynet.ctr.columbia.edu> To: proff@iq.org (Julian Assange) Cc: hackers@freebsd.org Subject: Re: struct file locking Message-ID: <199701020710.CAA09967@skynet.ctr.columbia.edu> In-Reply-To: <199701012224.JAA06593@profane.iq.org> from "Julian Assange" at Jan 2, 97 09:24:38 am
next in thread | previous in thread | raw e-mail | index | archive | help
Of all the gin joints in all the towns in all the world, Julian Assange
had to walk into mine and say:
> I am expanding the inet/socket code to permit firewall entries
> based on uid/gid. I have an aesthetic issue and one locking
> issue.
>
> I need to pass socket credential information into ip_output. There
> are two ways of doing this. I can add a back-pointer to the socket
> structure from the struct ipoption mbuf, or I can add an extra
> parameter to ip_output. I am inclinded towards the first option,
> for source-level compatability reasons.
>
> In the socket structure I intend to create a back-pointer to
> originating struct file's->u_cred. What do I need to do to insure
> these last two structures are reliably locked and in memory?
>
> Cheers,
> Julian.
I have a question.
Say you have the following series of events:
- A process creates a socket.
o You now have a struct socket.
o You also have a struct file that references the socket, and that
points to the ucred of the process.
- The process forks.
o Now the child and the parent refer to the same socket.
- The child does a setuid() to some other UID.
o You still only have one socket.
What happens now? You have one socket referenced by two proccesses
with different credentials (I think -- not sure what happens to the
credentials in inherited descriptors when a process does a setuid()).
This is kind of an odd situation; you probably don't want both processes
reading or writing to the same socket, but in theory they could, so
you need to account for this somehow.
Assuming you can get at both sets of credentials, how do you know which
ones to use?
-Bill
--
=============================================================================
-Bill Paul (212) 854-6020 | System Manager, Master of Unix-Fu
Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
"It is not I who am crazy; it is I who am mad!" - Ren Hoek, "Space Madness"
=============================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701020710.CAA09967>