kern/90800: [patch] it is possible to fake credentials in
LOCAL_CREDS
Andrey Simonenko
simon at comsys.ntu-kpi.kiev.ua
Mon Dec 26 01:40:06 PST 2005
The following reply was made to PR kern/90800; it has been noted by GNATS.
From: Andrey Simonenko <simon at comsys.ntu-kpi.kiev.ua>
To: Maxim Konovalov <maxim at macomnet.ru>
Cc: bug-followup at freebsd.org
Subject: Re: kern/90800: [patch] it is possible to fake credentials in LOCAL_CREDS
Date: Mon, 26 Dec 2005 11:26:22 +0200
On Thu, Dec 22, 2005 at 03:08:58PM +0300, Maxim Konovalov wrote:
> Andrey, very detailed and useful PR. Any chances you integrate your
> tests to the existent regression tests for unix-domain sockets
> (src/tools/regression/sockets) or create a new one? Don't forget
> about kern/90644 :-)
I implemented following tests:
Available tests for stream sockets:
1: Sending, receiving cmsgcred
2: Receiving sockcred (listening socket has LOCAL_CREDS)
3: Receiving sockcred (accepted socket has LOCAL_CREDS)
4: Sending cmsgcred, receiving sockcred
Available tests for datagram sockets:
1: Sending, receiving cmsgcred
2: Receiving sockcred
3: Sending cmsgcred, receiving sockcred
And found following problems on FreeBSD 6.0 (not including problems
I reported about):
* Struct sockcred{} in sc_groups[0] has EGID. This is wrong since
struct sockcred{} already has sc_egid. NetBSD 2.0, does not include
EGID in sc_groups. This problem is easy to correct. In FreeBSD
in struct cmsgcred{} in cmcred_groups[0] has EGID, but struct
cmsgcred{} does not have field with EGID.
* PF_LOCAL,SOCK_DGRAM sockets do not support LOCAL_CREDS option,
because they do not have pr_ctloutput. On NetBSD 2.0 it is possible
to set LOCAL_CREDS option for datagram sockets.
(I compare current implementation with NetBSD 2.0 one, since LOCAL_CREDS
option also exists there)
These tests are available here:
http://www.comsys.ntu-kpi.kiev.ua/~simon/local_cmsg/
MD5 (local_cmsg-20051226.tar.bz2) = c011e86c2020bbcbd8e93286896e2d4d
More information about the freebsd-bugs
mailing list