A bug with getsockopt(SOL_LOCAL, LOCAL_PEERCRED) ?
Konstantin Belousov
kostikbel at gmail.com
Thu Apr 22 10:33:41 UTC 2021
On Thu, Apr 22, 2021 at 07:54:26AM +0300, Gleb Popov wrote:
> On Thu, Apr 22, 2021 at 1:00 AM Mark Millard <marklmi at yahoo.com> wrote:
>
> >
> > On 2021-Apr-21, at 11:27, Gleb Popov <arrowd at freebsd.org> wrote:
> > >
> > > This makes sense, thanks.
> > >
> > > However, this code works on Linux and seems to return credentials of the
> > user that started the process. I actually stumbled upon this when porting
> > this code:
> > https://github.com/CollaboraOnline/online/blob/master/net/Socket.cpp#L805
> > >
> > > Would it make sense if FreeBSD followed Linux semantics in this case? If
> > not, what are my options for porting the software?
> >
> > From what I can tell . . .
> >
> > FreeBSD defines LOCAL_PEERCRED and what goes with its use, not linux.
> > Linux defines SO_PEERCRED and what goes with its use, not FreeBSD.
> >
> > If I understand right, your code is incompatible with the referenced
> > CollaboraOnline code from just after the #else (so __FreeBSD__ case,
> > not the linux case):
> >
> > getsockopt(getFD(), 0, LOCAL_PEERCRED, &creds, &credSize)
> > vs. your:
> > getsockopt(s, SOL_LOCAL, LOCAL_PEERCRED, &creds, &credSize)
> >
> > Note the 0 vs. the SOL_LOCAL. Your code is a mix of Linux
> > and FreeBSD code when it should not be.
> >
>
> SOL_LOCAL is defined to 0, so this is fine.
>
>
> > See also the following that involved replacing a SOL_LOCAL
> > with a 0 for getsockopt used with LOCAL_PEERCRED:
> >
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234722
> >
> >
> Yes, I'm aware that Linux SO_PEERCRED operates on socket level, while ours
> operates on level 0. This is taken in account
> in the code I posted.
>
> As I said, the error stems from the fact that Linux allows getting creds
> from the listening socket.
There is no peer for listening socket.
Show minimal code that works for you on Linux.
More information about the freebsd-hackers
mailing list