Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

2014-10-13 Thread Corinna Vinschen
On Oct 13 07:37, Christian Franke wrote:
> Corinna Vinschen wrote:
> >On Oct 10 20:04, Corinna Vinschen wrote:
> >>In short, the whole code is written under the assumption that any sane
> >>application calling nonblocking connect would always call select/poll to
> >>check if connect succeeded in the first place.  Obviously, as postfix
> >>shows, this is a wrong assumption.
> >>
> >>I'm not yet sure how to fix this, but I'll look into this next week.
> >I applied a fix which, I think, is much more elegant than the former
> >solution.  The af_local_connect call is now called as soon as an
> >FD_CONNECT event is generated and read by a call to wait_event.  It
> >worked for me, so I have tender hopes that I didn't miss something.
> >
> >I also applied your patch on top of this new stuff and I'm just building
> >a new developer snapshot for testing.
> 
> A quick test of current postfix draft with the snapshot works as expected.
> Thanks.

Did you run other network-related tools, too, in the meantime?  Any
fallout which could be a result of my change?

> >   In setsockopt I added a check for
> >socket family and type so setsockopt(SO_PEERCRED) only works for
> >AF_LOCAL/SOCK_STREAM sockets, just as the entire handshake stuff.
> 
> Probably not needed because this check was already in
> af_local_set_no_getpeereid() itself.

Doh!  I reverted this part of my change.  I completely missed the
redundancy here, sorry.

> >   I
> >also added a comment to explain why we do this and a FIXME comment so we
> >don't forget we're still looking for a more generic solution for the
> >SO_PEERCRED exchange.
> 
> Definitely, at least because the current AF_LOCAL emulation has some
> security issues.

-v?


Thanks,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat




Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

2014-10-13 Thread Corinna Vinschen
On Oct 13 10:20, Corinna Vinschen wrote:
> On Oct 13 07:37, Christian Franke wrote:
> > Corinna Vinschen wrote:
> > >On Oct 10 20:04, Corinna Vinschen wrote:
> > >>In short, the whole code is written under the assumption that any sane
> > >>application calling nonblocking connect would always call select/poll to
> > >>check if connect succeeded in the first place.  Obviously, as postfix
> > >>shows, this is a wrong assumption.
> > >>
> > >>I'm not yet sure how to fix this, but I'll look into this next week.
> > >I applied a fix which, I think, is much more elegant than the former
> > >solution.  The af_local_connect call is now called as soon as an
> > >FD_CONNECT event is generated and read by a call to wait_event.  It
> > >worked for me, so I have tender hopes that I didn't miss something.
> > >
> > >I also applied your patch on top of this new stuff and I'm just building
> > >a new developer snapshot for testing.
> > 
> > A quick test of current postfix draft with the snapshot works as expected.
> > Thanks.
> 
> Did you run other network-related tools, too, in the meantime?  Any
> fallout which could be a result of my change?
> 
> > >   In setsockopt I added a check for
> > >socket family and type so setsockopt(SO_PEERCRED) only works for
> > >AF_LOCAL/SOCK_STREAM sockets, just as the entire handshake stuff.
> > 
> > Probably not needed because this check was already in
> > af_local_set_no_getpeereid() itself.
> 
> Doh!  I reverted this part of my change.  I completely missed the
> redundancy here, sorry.
> 
> > >   I
> > >also added a comment to explain why we do this and a FIXME comment so we
> > >don't forget we're still looking for a more generic solution for the
> > >SO_PEERCRED exchange.
> > 
> > Definitely, at least because the current AF_LOCAL emulation has some
> > security issues.
> 
> -v?

Btw., I'd be grateful if we could discuss this on cygwin-developers,
if you don't mind.


Thanks,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat

