unix.7: SO_PEERCRED: Mention listen(2)

Message ID CABPeg3Z5p2yapwEwPdHqDZiDL-W_gVgMc39A0Kdd95LNd+OwHA@mail.gmail.com
State Not applicable
Series unix.7: SO_PEERCRED: Mention listen(2)

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch fail Patch failed to apply to master at the time it was sent
redhat-pt-bot/TryBot-32bit fail Patch series failed to apply

Commit Message

Alexey Tikhonov Dec. 20, 2023, 6:05 p.m. UTC
  From c835c1c7c7047590263cf6c6d516092b165e013d Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 20 Dec 2023 18:28:34 +0100
Subject: [PATCH] unix.7: SO_PEERCRED: Mention listen(2)

In case of connected AF_UNIX stream sockets, server-side
credentials are set at the time of a call to listen(2),
not when client-side calls connect(2).

This is important if server side process changes UID/GID
after listen(2) and before connect(2).

Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682

Behavior was confirmed in the email thread
https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/

Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>
---
 man7/unix.7 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
  

Comments

Kuniyuki Iwashima Dec. 21, 2023, 1:49 a.m. UTC | #1
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 20 Dec 2023 18:28:34 +0100
> In case of connected AF_UNIX stream sockets, server-side
> credentials are set at the time of a call to listen(2),
> not when client-side calls connect(2).
> 
> This is important if server side process changes UID/GID
> after listen(2) and before connect(2).
> 
> Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682
> 
> Behavior was confirmed in the email thread
> https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/
> 
> Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>

Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>

Thanks!


> ---
>  man7/unix.7 | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/man7/unix.7 b/man7/unix.7
> index e9edad467..71cdfc758 100644
> --- a/man7/unix.7
> +++ b/man7/unix.7
> @@ -331,7 +331,8 @@ This read-only socket option returns the
>  credentials of the peer process connected to this socket.
>  The returned credentials are those that were in effect at the time
>  of the call to
> -.BR connect (2)
> +.BR connect (2),
> +.BR listen (2),
>  or
>  .BR socketpair (2).
>  .IP
> -- 
> 2.41.0
  
Alejandro Colomar Dec. 21, 2023, 12:15 p.m. UTC | #2
Hi Kuniyuki, Alexey,

On Thu, Dec 21, 2023 at 10:49:11AM +0900, Kuniyuki Iwashima wrote:
> From: Alexey Tikhonov <atikhono@redhat.com>
> Date: Wed, 20 Dec 2023 18:28:34 +0100
> > In case of connected AF_UNIX stream sockets, server-side
> > credentials are set at the time of a call to listen(2),
> > not when client-side calls connect(2).
> > 
> > This is important if server side process changes UID/GID
> > after listen(2) and before connect(2).
> > 
> > Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682
> > 
> > Behavior was confirmed in the email thread
> > https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/
> > 
> > Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>
> 
> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> 
> Thanks!

Thank you both for the patch and review!

Patch applied:
<https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=b34c2340657cfe467a0c2cde4933422bddf4348b>

Have a lovely day,
Alex

> > ---
> >  man7/unix.7 | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/man7/unix.7 b/man7/unix.7
> > index e9edad467..71cdfc758 100644
> > --- a/man7/unix.7
> > +++ b/man7/unix.7
> > @@ -331,7 +331,8 @@ This read-only socket option returns the
> >  credentials of the peer process connected to this socket.
> >  The returned credentials are those that were in effect at the time
> >  of the call to
> > -.BR connect (2)
> > +.BR connect (2),
> > +.BR listen (2),
> >  or
> >  .BR socketpair (2).
> >  .IP
> > -- 
> > 2.41.0
  

Patch

From c835c1c7c7047590263cf6c6d516092b165e013d Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 20 Dec 2023 18:28:34 +0100
Subject: [PATCH] unix.7: SO_PEERCRED: Mention listen(2)

In case of connected AF_UNIX stream sockets, server-side
credentials are set at the time of a call to listen(2),
not when client-side calls connect(2).

This is important if server side process changes UID/GID
after listen(2) and before connect(2).

Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682

Behavior was confirmed in the email thread
https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/

Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>
---
 man7/unix.7 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/man7/unix.7 b/man7/unix.7
index e9edad467..71cdfc758 100644
--- a/man7/unix.7
+++ b/man7/unix.7
@@ -331,7 +331,8 @@  This read-only socket option returns the
 credentials of the peer process connected to this socket.
 The returned credentials are those that were in effect at the time
 of the call to
-.BR connect (2)
+.BR connect (2),
+.BR listen (2),
 or
 .BR socketpair (2).
 .IP
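Review bot: the changed sentence now lists connect(2), listen(2) and socketpair(2) side by side without saying which end of the connection each call applies to, so the point of the commit message (server-side credentials of a connected stream socket are fixed at listen(2), not at the client's connect(2)) does not reach the page text. Consider wording the listen(2) item as applying to the listening side, and adding a sentence that a UID/GID change made by the server after listen(2) is not reflected in the credentials returned.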
-- 
2.41.0