From patchwork Wed Dec 20 18:05:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Tikhonov X-Patchwork-Id: 82600 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 4A136386480A for ; Wed, 20 Dec 2023 18:06:02 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id AC9103858C41 for ; Wed, 20 Dec 2023 18:05:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AC9103858C41 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AC9103858C41 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703095549; cv=none; b=pU3/XhMzTcorjgcbt+twqxyabX3r0WLIr3Om0rR7N6igHtZ9BzgcLjk6xZiLv57M17HC/qmHcQb6qORsAQxHGYsZl9dJ6vRyiBqltQLSjUElB5LK88LOarxChvHklH72Nh19XmvG1blcM9tJ0c+eqdJf9sNI6OBdkEiQlPd4bYs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703095549; c=relaxed/simple; bh=iVBFHALpTnTEWLQl+lkjw8TsPBhUiOwGsbiZ86o/M+k=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=r7ZTKT92CxshzlMKk4oM6DpCnuKH1OpLmU1N4XXti+68GF9MXbw31F+oGB/jZSzEAR0/yeLg8wxgo/UhmDwnaf2fejq181GLCL2IVAP6IJAHZZk7Bx2m/E4m5YwUjX6avdsOXnlKE5qsKWcEkG/Q/YXnGyiLH9Ds9qZshST1S3w= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1703095547; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=OTSjPsK80rLzK7efVaWHnsIacvhebfXLASCnL2BhEs8=; b=dYMgD8y8VZsqcxzUdxroul/5gqFfLhPQhy9OvAb99gjsMZQvP8qqMh9uESWJvy9BaqUqpz Ru8Z4ZuFaG8XJ7BQVuI/iOhMR8p2DuvPDKYZYmFQbY/HqJ/HPVJW6uglmHpRkUxLDgRDYn BM703gUMH9BYmd2BxcYdRBzIwVRFGOY= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-660-VW-j7PlGMQqiWSOMdCYrCg-1; Wed, 20 Dec 2023 13:05:44 -0500 X-MC-Unique: VW-j7PlGMQqiWSOMdCYrCg-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-a2693cdfcc7so48489366b.2 for ; Wed, 20 Dec 2023 10:05:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703095542; x=1703700342; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OTSjPsK80rLzK7efVaWHnsIacvhebfXLASCnL2BhEs8=; b=luvbDmXgcYW5wkAgvnqB4QoNRIfztqNRBNZnkaSUp7KO4c/PC+QyxJVMSzvWKVtN9K ypfZacS3DHvthin+QvOK8kEodKZWJ80huLT5gaTZwWiStCQujgJn+kmy4XlIW/2PL1rG nGvHTlXxwhLAMbs1cLrRlSUW9sUB9oFPWJH5PwgV083ivnL0ydRRpgVDp9gTNvMGIbYk ghcBYlqMW0FHGlEOIrI+Pii2E5o0ACcKPlWY5vzMQ4E9JdTs0cVBQuSHJS2wkoflbbIi FxIKrdiFdCgs15fOlLwCc38Hg4WeibBbjcRdms8SRfU9F5NRGzHYjUbB7FXgYP/lcg8g U0aA== X-Gm-Message-State: AOJu0YzfMOK7gDELOnLpVezYi2C2xSkInRQQPzC3crVVXXExPyEB1YQA sv4k2zorWcf0jVtwGXwP4hlUiTbkmjTfFdIPBNLGX5C2ir6rwGKKwj10YP2WKVyK1BbbYeYN/AH aOQC0Y/AksJU7O6D9LBxqVBthUlCyKes7tZoo3+vJPi69YaM= X-Received: by 2002:a17:906:a016:b0:a1c:616e:cdd2 with SMTP id p22-20020a170906a01600b00a1c616ecdd2mr8303555ejy.35.1703095542552; Wed, 20 Dec 2023 10:05:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IG7mMxYiBLFM5r+eyFQjeYOHSQv41rO7AqFlxyXLTTMXLaAbTfP/3Nws81lWCW1uFrUs5duMA6cp+LIMnysyow= X-Received: by 2002:a17:906:a016:b0:a1c:616e:cdd2 with SMTP id p22-20020a170906a01600b00a1c616ecdd2mr8303548ejy.35.1703095542283; Wed, 20 Dec 2023 10:05:42 -0800 (PST) MIME-Version: 1.0 References: <20231201220743.32491-1-kuniyu@amazon.com> In-Reply-To: From: Alexey Tikhonov Date: Wed, 20 Dec 2023 19:05:31 +0100 Message-ID: Subject: [patch] unix.7: SO_PEERCRED: Mention listen(2) To: Alejandro Colomar , linux-man@vger.kernel.org Cc: libc-alpha@sourceware.org, netdev@vger.kernel.org, Kuniyuki Iwashima X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-10.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org From c835c1c7c7047590263cf6c6d516092b165e013d Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 20 Dec 2023 18:28:34 +0100 Subject: [PATCH] unix.7: SO_PEERCRED: Mention listen(2) In case of connected AF_UNIX stream sockets, server-side credentials are set at the time of a call to listen(2), not when client-side calls connect(2). This is important if server side process changes UID/GID after listen(2) and before connect(2). Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682 Behavior was confirmed in the email thread https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/ Signed-off-by: Alexey Tikhonov --- man7/unix.7 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) From c835c1c7c7047590263cf6c6d516092b165e013d Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 20 Dec 2023 18:28:34 +0100 Subject: [PATCH] unix.7: SO_PEERCRED: Mention listen(2) In case of connected AF_UNIX stream sockets, server-side credentials are set at the time of a call to listen(2), not when client-side calls connect(2). This is important if server side process changes UID/GID after listen(2) and before connect(2). Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682 Behavior was confirmed in the email thread https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/ Signed-off-by: Alexey Tikhonov --- man7/unix.7 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/man7/unix.7 b/man7/unix.7 index e9edad467..71cdfc758 100644 --- a/man7/unix.7 +++ b/man7/unix.7 @@ -331,7 +331,8 @@ This read-only socket option returns the credentials of the peer process connected to this socket. The returned credentials are those that were in effect at the time of the call to -.BR connect (2) +.BR connect (2), +.BR listen (2), or .BR socketpair (2). .IP -- 2.41.0