A bug with getsockopt(SOL_LOCAL, LOCAL_PEERCRED) ?
Gleb Popov
arrowd at freebsd.org
Thu Apr 22 04:54:56 UTC 2021
On Thu, Apr 22, 2021 at 1:00 AM Mark Millard <marklmi at yahoo.com> wrote:
>
> On 2021-Apr-21, at 11:27, Gleb Popov <arrowd at freebsd.org> wrote:
> >
> > This makes sense, thanks.
> >
> > However, this code works on Linux and seems to return credentials of the
> user that started the process. I actually stumbled upon this when porting
> this code:
> https://github.com/CollaboraOnline/online/blob/master/net/Socket.cpp#L805
> >
> > Would it make sense if FreeBSD followed Linux semantics in this case? If
> not, what are my options for porting the software?
>
> From what I can tell . . .
>
> FreeBSD defines LOCAL_PEERCRED and what goes with its use, not linux.
> Linux defines SO_PEERCRED and what goes with its use, not FreeBSD.
>
> If I understand right, your code is incompatible with the referenced
> CollaboraOnline code from just after the #else (so __FreeBSD__ case,
> not the linux case):
>
> getsockopt(getFD(), 0, LOCAL_PEERCRED, &creds, &credSize)
> vs. your:
> getsockopt(s, SOL_LOCAL, LOCAL_PEERCRED, &creds, &credSize)
>
> Note the 0 vs. the SOL_LOCAL. Your code is a mix of Linux
> and FreeBSD code when it should not be.
>
SOL_LOCAL is defined to 0, so this is fine.
> See also the following that involved replacing a SOL_LOCAL
> with a 0 for getsockopt used with LOCAL_PEERCRED:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234722
>
>
Yes, I'm aware that Linux SO_PEERCRED operates on socket level, while ours
operates on level 0. This is taken in account
in the code I posted.
As I said, the error stems from the fact that Linux allows getting creds
from the listening socket.
More information about the freebsd-hackers
mailing list