Thor Lancelot Simon <t...@panix.com> writes:

> On Fri, Jun 06, 2025 at 09:28:31AM -0400, Greg Troxel wrote:
>>
>> get me the effective uid/gid of the process which will receive this
>> packet after I deliver it to socket B
>
> Is there actually a guaranteed-unique answer to this question? Even leaving
> aside file descriptor passing, what if a process forks, then drops
> privilege? Whoever calls read() on their descriptor for the socket first
> will get the packet, no?

Maybe not. In the cases I think matter, it's well defined. Specifically I think it's most important for daemons that are started as a specific uid. If a program run as root does fork/setuid and shares the socket, it's being odd and I'm not that concerned with how the rules are interpreted, as it's basically a bug to write rules for that situation that will handle things differently.