Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Jul 2014 12:15:54 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Subject: Linux peer_cred Mischmasch

Hi

There seem to be some inconsistencies in the handling of peer credentials
on UNIX sockets. I checked kernel 3.15.1 and runtime-tested on a 3.11.10.

While maybe_add_creds() (via SOCK_PASSCRED) and scm_send()
(via unix_{stream,dgram}_sendmsg()) use the real UID,

cred_to_ucred() (via SO_PEERCRED) passes the EUID (this time
also kuid_munged()).

That should probably being consolidated and in particular its unclear
to me why one time you need kuid munging and onother time you dont.


Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ