unix.7: SO_PEERCRED: Mention listen(2)
Checks
Commit Message
From c835c1c7c7047590263cf6c6d516092b165e013d Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 20 Dec 2023 18:28:34 +0100
Subject: [PATCH] unix.7: SO_PEERCRED: Mention listen(2)
In case of connected AF_UNIX stream sockets, server-side
credentials are set at the time of a call to listen(2),
not when client-side calls connect(2).
This is important if server side process changes UID/GID
after listen(2) and before connect(2).
Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682
Behavior was confirmed in the email thread
https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/
Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>
---
man7/unix.7 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 20 Dec 2023 18:28:34 +0100
> In case of connected AF_UNIX stream sockets, server-side
> credentials are set at the time of a call to listen(2),
> not when client-side calls connect(2).
>
> This is important if server side process changes UID/GID
> after listen(2) and before connect(2).
>
> Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682
>
> Behavior was confirmed in the email thread
> https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/
>
> Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Thanks!
> ---
> man7/unix.7 | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/man7/unix.7 b/man7/unix.7
> index e9edad467..71cdfc758 100644
> --- a/man7/unix.7
> +++ b/man7/unix.7
> @@ -331,7 +331,8 @@ This read-only socket option returns the
> credentials of the peer process connected to this socket.
> The returned credentials are those that were in effect at the time
> of the call to
> -.BR connect (2)
> +.BR connect (2),
> +.BR listen (2),
> or
> .BR socketpair (2).
> .IP
> --
> 2.41.0
Hi Kuniyuki, Alexey,
On Thu, Dec 21, 2023 at 10:49:11AM +0900, Kuniyuki Iwashima wrote:
> From: Alexey Tikhonov <atikhono@redhat.com>
> Date: Wed, 20 Dec 2023 18:28:34 +0100
> > In case of connected AF_UNIX stream sockets, server-side
> > credentials are set at the time of a call to listen(2),
> > not when client-side calls connect(2).
> >
> > This is important if server side process changes UID/GID
> > after listen(2) and before connect(2).
> >
> > Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682
> >
> > Behavior was confirmed in the email thread
> > https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/
> >
> > Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>
>
> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
>
> Thanks!
Thank you both for the patch and review!
Patch applied:
<https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=b34c2340657cfe467a0c2cde4933422bddf4348b>
Have a lovely day,
Alex
> > ---
> > man7/unix.7 | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/man7/unix.7 b/man7/unix.7
> > index e9edad467..71cdfc758 100644
> > --- a/man7/unix.7
> > +++ b/man7/unix.7
> > @@ -331,7 +331,8 @@ This read-only socket option returns the
> > credentials of the peer process connected to this socket.
> > The returned credentials are those that were in effect at the time
> > of the call to
> > -.BR connect (2)
> > +.BR connect (2),
> > +.BR listen (2),
> > or
> > .BR socketpair (2).
> > .IP
> > --
> > 2.41.0
From c835c1c7c7047590263cf6c6d516092b165e013d Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 20 Dec 2023 18:28:34 +0100
Subject: [PATCH] unix.7: SO_PEERCRED: Mention listen(2)
In case of connected AF_UNIX stream sockets, server-side
credentials are set at the time of a call to listen(2),
not when client-side calls connect(2).
This is important if server side process changes UID/GID
after listen(2) and before connect(2).
Reproducer is available in https://bugzilla.redhat.com/show_bug.cgi?id=2247682
Behavior was confirmed in the email thread
https://lore.kernel.org/linux-man/CABPeg3a9L0142gmdZZ+0hoD+Q3Vgv0BQ21g8Z+gf2kznWouErA@mail.gmail.com/
Signed-off-by: Alexey Tikhonov <atikhono@redhat.com>
---
man7/unix.7 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
@@ -331,7 +331,8 @@ This read-only socket option returns the
credentials of the peer process connected to this socket.
The returned credentials are those that were in effect at the time
of the call to
-.BR connect (2)
+.BR connect (2),
+.BR listen (2),
or
.BR socketpair (2).
.IP
--
2.41.0