Re: RFC: [PATCH] SCM_CREDS support 1(2)

To: bug-hurd@gnu.org, debian-hurd <debian-hurd@lists.debian.org>
Cc: Samuel Thibault <samuel.thibault@gnu.org>
Subject: Re: RFC: [PATCH] SCM_CREDS support 1(2)
From: Svante Signell <svante.signell@gmail.com>
Date: Wed, 16 Oct 2013 09:50:27 +0200
Message-id: <[🔎] 1381909827.20538.0.camel@G3620.my.own.domain>
Reply-to: svante.signell@gmail.com
In-reply-to: <[🔎] 20131016072453.GF5856@type.wlan.youpi.perso.aquilenet.fr>
References: <[🔎] 1381825992.3860.43.camel@G3620.my.own.domain> <[🔎] 20131015222801.GZ5856@type.wlan.youpi.perso.aquilenet.fr> <[🔎] 1381876818.3860.53.camel@G3620.my.own.domain> <[🔎] 20131015224201.GA5856@type.wlan.youpi.perso.aquilenet.fr> <[🔎] 1381877214.3860.56.camel@G3620.my.own.domain> <[🔎] 20131015224835.GB5856@type.wlan.youpi.perso.aquilenet.fr> <[🔎] 20131015224922.GC5856@type.wlan.youpi.perso.aquilenet.fr> <[🔎] 1381901751.3860.65.camel@G3620.my.own.domain> <[🔎] 1381902251.3860.67.camel@G3620.my.own.domain> <[🔎] 20131016072453.GF5856@type.wlan.youpi.perso.aquilenet.fr>

On Wed, 2013-10-16 at 09:24 +0200, Samuel Thibault wrote:
> Svante Signell, le Wed 16 Oct 2013 07:44:11 +0200, a écrit :
> > What about being paranoid, and do the check on both the transmit _and_
> > receive side?
> 
> There is no need for a check on the transmit side: the sender does know
> for sure what he is.

As a motivation for having the check at the receive side, a malicious
sender will not got through sendmsg then?

So let's be serious, which entries are part of the ancillary data to
check: pid, auid, agid, euid, egid (not in scm_creds), cmcred_groups[]?
E.g. where to add the groups data, on the transmit or receive side?

Reply to:

Follow-Ups:
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Samuel Thibault <samuel.thibault@gnu.org>

References:
- RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Svante Signell <svante.signell@gmail.com>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Samuel Thibault <samuel.thibault@gnu.org>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Svante Signell <svante.signell@gmail.com>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Samuel Thibault <samuel.thibault@gnu.org>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Svante Signell <svante.signell@gmail.com>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Samuel Thibault <samuel.thibault@gnu.org>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Samuel Thibault <samuel.thibault@gnu.org>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Svante Signell <svante.signell@gmail.com>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Svante Signell <svante.signell@gmail.com>
- Re: RFC: [PATCH] SCM_CREDS support 1(2)
  - From: Samuel Thibault <samuel.thibault@gnu.org>

Prev by Date: Re: RFC: [PATCH] SCM_CREDS support 1(2)
Next by Date: Re: RFC: [PATCH] SCM_CREDS support 1(2)
Previous by thread: Re: RFC: [PATCH] SCM_CREDS support 1(2)
Next by thread: Re: RFC: [PATCH] SCM_CREDS support 1(2)
Index(es):
- Date
- Thread