Date: Tue, 17 Dec 1996 00:38:30 -0500 (EST) From: Bill Paul <wpaul@skynet.ctr.columbia.edu> To: phk@critter.tfs.com (Poul-Henning Kamp) Cc: current@freebsd.org Subject: Re: Plan for integrating Secure RPC -- comments wanted Message-ID: <199612170538.AAA01464@skynet.ctr.columbia.edu> In-Reply-To: <12149.850751059@critter.tfs.com> from "Poul-Henning Kamp" at Dec 16, 96 04:44:19 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Of all the gin joints in all the towns in all the world, Poul-Henning Kamp had to walk into mine and say: [chop] > >> For the issue of authenticated local transport: > >> > >> Instead of an LKM, put the code in the kernel. It shouldn't be too > >> hard to make it a getsockopt() instead of a LKM. > > > >I'll check into this. I don't really consider myself an advanced > >enough kernel hacker for this, but maybe I'll get lucky. > > Hey, you're talking about makeing LKM's all the time :-) Okay, on your advice, I tried this. I added a new option called SO_PEERUID and it works (I also made it scan the global list of open file descriptors to get the creds of the remote process so the caller doesn't need to specify the PID of the remote process). But while testing I noticed something which I think is a bug. For giggles, I tried calling getsockopt() like this: int optlen; int optval; int sock; int rval; optlen = sizeof(optval); rval = getsockopt(sock, SOL_SOCKET, SO_PEERUID, NULL, &optlen); /* ^^^^ */ /* deliberate bug: should be &optval */ According to the man page, getsockopt() should return EFAULT if optval or optlen aren't within the process's address space. Well, NULL is not within the process's address space, so I should get an error here, but I don't. If I do something equally silly like use -1 instead of NULL, then I get an EFAULT as expected. With NULL, the getsockopt() call doesn't do anything, but it returns an rval of 0 and doesn't set errno. Looking at the getsockopt() code, it seems like it short-circuits the uap->val (i.e. optval) == NULL case on purpose and doesn't return an error. Am I nuts, or is this a bug? -Bill -- ============================================================================= -Bill Paul (212) 854-6020 | System Manager, Master of Unix-Fu Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ============================================================================= "It is not I who am crazy; it is I who am mad!" - Ren Hoek, "Space Madness" =============================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612170538.AAA01464>