Re: [PATCH v3 1/3] qio: add support for SO

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel

From:	Daniel P . Berrangé
Subject:	Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel
Date:	Mon, 29 Jan 2024 19:30:01 +0000
User-agent:	Mutt/2.2.12 (2023-09-09)

On Mon, Jan 29, 2024 at 08:25:29PM +0100, Paolo Bonzini wrote:
> On Thu, Jan 25, 2024 at 5:38 PM Daniel P. Berrangé <berrange@redhat.com> 
> wrote:
> > > +static void
> > > +qio_channel_socket_get_peerpid(QIOChannel *ioc,
> > > +                               unsigned int *pid,
> > > +                               Error **errp)
> > > +{
> > > +#ifdef CONFIG_LINUX
> > > +    QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
> > > +    Error *err = NULL;
> > > +    socklen_t len = sizeof(struct ucred);
> > > +
> > > +    struct ucred cred;
> > > +    if (getsockopt(sioc->fd,
> > > +               SOL_SOCKET, SO_PEERCRED,
> > > +               &cred, &len) == -1) {
> > > +        error_setg_errno(&err, errno, "Unable to get peer credentials");
> > > +        error_propagate(errp, err);
> > > +    }
> > > +    *pid = (unsigned int)cred.pid;
> > > +#else
> > > +    *pid = 0;
> >
> > Defaulting 'pid' to 0 is potentially unsafe, because to a caller it
> > now appears that the remote party is 'root' and thus implied to be
> > a privileged account.
> 
> This is a pid, so 0 cannot be confused; however, I agree that
> returning an error is better.

Opps, face-palm  !



With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v3 0/3] Add support for the RAPL MSRs series, Anthony Harivel, 2024/01/25
- [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel, Anthony Harivel, 2024/01/25
  - Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel, Daniel P . Berrangé, 2024/01/25
    - Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel, Paolo Bonzini, 2024/01/29
    - Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel, Daniel P . Berrangé <=
- [PATCH v3 2/3] tools: build qemu-vmsr-helper, Anthony Harivel, 2024/01/25
  - Re: [PATCH v3 2/3] tools: build qemu-vmsr-helper, Daniel P . Berrangé, 2024/01/29
    - Re: [PATCH v3 2/3] tools: build qemu-vmsr-helper, Paolo Bonzini, 2024/01/29
    - Re: [PATCH v3 2/3] tools: build qemu-vmsr-helper, Daniel P . Berrangé, 2024/01/29
    - Re: [PATCH v3 2/3] tools: build qemu-vmsr-helper, Daniel P . Berrangé, 2024/01/29
    - Re: [PATCH v3 2/3] tools: build qemu-vmsr-helper, Paolo Bonzini, 2024/01/29
- [PATCH v3 3/3] Add support for RAPL MSRs in KVM/Qemu, Anthony Harivel, 2024/01/25
  - Re: [PATCH v3 3/3] Add support for RAPL MSRs in KVM/Qemu, Daniel P . Berrangé, 2024/01/29
  - Re: [PATCH v3 3/3] Add support for RAPL MSRs in KVM/Qemu, Daniel P . Berrangé, 2024/01/30
  - Re: [PATCH v3 3/3] Add support for RAPL MSRs in KVM/Qemu, Daniel P . Berrangé, 2024/01/30

Prev by Date: Re: [PATCH v3 3/3] Add support for RAPL MSRs in KVM/Qemu
Next by Date: Re: [PATCH v3 2/3] tools: build qemu-vmsr-helper
Previous by thread: Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel
Next by thread: [PATCH v3 2/3] tools: build qemu-vmsr-helper
Index(es):
- Date
- Thread