On Fri, Jun 06, 2025 at 09:17:04AM -0400, Greg Troxel wrote:
> 
> A fair question, but in the current code, what does it mean for an
> AF_INET socket to have an owner?
> 
> It may be that the firewall rules should be based on the process's
> uid/gid, and that the concept of sockets having owners is just a red herring.

Indeed.  Maybe it's helpful to think about SO_PEERCRED.  On NetBSD, this
operation is defined only for AF_UNIX sockets, but for a Linux system,
SO_PEERCRED works on TCP sockets *if the peer is on the same host*.  It
returns the peer's euid.  Is that what's wanted here, but for the local,
not the remote, end of the connection?  It sounds to me like it might be.

However, there are funny corner cases, like if we intentionally drop
privileges.  A single UID may not be enough, and as I think about it,
I don't think even the mess of POSIX saved UID semantics is sufficient.
