Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel
From: Daniel P. Berrangé
Subject: Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel
Date: Mon, 29 Jan 2024 19:30:01 +0000
User-agent: Mutt/2.2.12 (2023-09-09)
On Mon, Jan 29, 2024 at 08:25:29PM +0100, Paolo Bonzini wrote:
> On Thu, Jan 25, 2024 at 5:38 PM Daniel P. Berrangé <berrange@redhat.com>
> wrote:
> > > +static void
> > > +qio_channel_socket_get_peerpid(QIOChannel *ioc,
> > > + unsigned int *pid,
> > > + Error **errp)
> > > +{
> > > +#ifdef CONFIG_LINUX
> > > + QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
> > > + Error *err = NULL;
> > > + socklen_t len = sizeof(struct ucred);
> > > +
> > > + struct ucred cred;
> > > + if (getsockopt(sioc->fd,
> > > + SOL_SOCKET, SO_PEERCRED,
> > > + &cred, &len) == -1) {
> > > + error_setg_errno(&err, errno, "Unable to get peer credentials");
> > > + error_propagate(errp, err);
> > > + }
> > > + *pid = (unsigned int)cred.pid;
> > > +#else
> > > + *pid = 0;
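Review bot: In the CONFIG_LINUX branch the getsockopt() failure path sets the error but does not return, so execution falls through to `*pid = (unsigned int)cred.pid;` and stores a value read from the uninitialized `cred`. Return immediately after reporting the error; error_setg_errno() can take `errp` directly, which makes the local `err` and the error_propagate() call unnecessary. Because the function is declared `static void`, callers can only detect failure through `errp`, so a return value signalling success or failure would be safer, and the `#else` branch should set an error instead of storing 0.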
> >
> > Defaulting 'pid' to 0 is potentially unsafe, because to a caller it
> > now appears that the remote party is 'root' and thus implied to be
> > a privileged account.
>
> This is a pid, so 0 cannot be confused; however, I agree that
> returning an error is better.
Oops, face-palm!
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|