oss-sec mailing list archives
Re: Linux peer_cred Mischmasch
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 22 Jul 2014 13:17:56 +0200
On 07/22/2014 12:15 PM, Sebastian Krahmer wrote:
While maybe_add_creds() (via SOCK_PASSCRED) and scm_send() (via unix_{stream,dgram}_sendmsg()) use the real UID, cred_to_ucred() (via SO_PEERCRED) passes the EUID (this time also kuid_munged()).
There should also be a discrepancy regarding when the credentials are captured (time of send for SOCK_PASSCRED, time of socket creation for SO_PEERCRED). The latter is required because privileged processes assume that they can safely write to stderr, so picking the current process credentials may well introduce vulnerabilities.
-- Florian Weimer / Red Hat Product Security
Current thread:
- Linux peer_cred Mischmasch Sebastian Krahmer (Jul 22)
- Re: Linux peer_cred Mischmasch Simon McVittie (Jul 22)
- Re: Linux peer_cred Mischmasch Florian Weimer (Jul 22)
- Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 22)
- Re: Re: Linux peer_cred Mischmasch Sebastian Krahmer (Jul 22)
- Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 24)
- Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 22)