Date: Mon, 6 Jul 2009 16:13:48 -0700
Message-ID: <396556a20907061613h48691c80m75e5bfe17c1069cb@mail.gmail.com>
Subject: SCM_CREDENTIALS and PID namespaces
From: Adam Langley
To: linux-kernel@vger.kernel.org

Currently, the SCM_CREDENTIALS control message contains the PID of the sending process, in the sender's PID namespace. This would seem to violate the spirit of SCM_CREDENTIALS since, from the receiver's point of view, the sender's PID in that namespace might be another process entirely.

I started to write a patch for this, but then got hung up on the semantics, so I'm asking here first. Here's what I think should happen:

A received SCM_CREDENTIALS should contain the PID of the sending process, in the receiver's namespace. Or -1 if the PID is not representable. If the sending process has exited, the pid should be -1. (We don't want to hold a reference to a struct pid from the SKB, so we have to do this).

When sending an SCM_CREDENTIALS message, if pid == getpid(), then the PID acts as above. Otherwise, we pass the PID raw to the receiver. (A process has to be CAP_SYS_ADMIN to fake its PID).

Seem reasonable?

AGL

--
Adam Langley agl@imperialviolet.org http://www.imperialviolet.org
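
For readers following the message above, this added example (not part of the original post or of any kernel patch) shows the mechanism under discussion: a sender attaches an SCM_CREDENTIALS control message and a receiver that has enabled SO_PASSCRED reads the `struct ucred` back. The helper name `scm_roundtrip_pid` is hypothetical, and because both ends of the socketpair live in one process they share a PID namespace, so the cross-namespace case the message raises is not exercised here.

```c
#define _GNU_SOURCE              /* exposes struct ucred and SCM_CREDENTIALS */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper: send one byte with an SCM_CREDENTIALS cmsg claiming
 * PID `claimed`, receive it on the peer socket, and return the PID the
 * receiver is shown. Returns -errno if the kernel rejects the send. */
long scm_roundtrip_pid(pid_t claimed)
{
    int sv[2], on = 1;
    long ret;
    char out = 'x', in;
    union { struct cmsghdr align;
            char buf[CMSG_SPACE(sizeof(struct ucred))]; } sc, rc;
    struct ucred cred = { .pid = claimed, .uid = getuid(), .gid = getgid() };
    struct iovec siov = { &out, 1 }, riov = { &in, 1 };
    struct msghdr smsg = { .msg_iov = &siov, .msg_iovlen = 1,
                           .msg_control = sc.buf, .msg_controllen = sizeof(sc.buf) };
    struct msghdr rmsg = { .msg_iov = &riov, .msg_iovlen = 1,
                           .msg_control = rc.buf, .msg_controllen = sizeof(rc.buf) };
    struct cmsghdr *c;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -errno;
    /* The receiver must opt in before credentials are delivered to it. */
    if (setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) { ret = -errno; goto done; }
    memset(sc.buf, 0, sizeof(sc.buf));
    c = CMSG_FIRSTHDR(&smsg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof(cred));
    memcpy(CMSG_DATA(c), &cred, sizeof(cred));
    if (sendmsg(sv[0], &smsg, 0) < 0) { ret = -errno; goto done; }
    if (recvmsg(sv[1], &rmsg, 0) < 0) { ret = -errno; goto done; }
    ret = -ENOMSG;               /* stays set if no credentials cmsg arrived */
    for (c = CMSG_FIRSTHDR(&rmsg); c; c = CMSG_NXTHDR(&rmsg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
            memcpy(&cred, CMSG_DATA(c), sizeof(cred));
            ret = cred.pid;      /* PID as presented to the receiver */
        }
done:
    close(sv[0]); close(sv[1]);
    return ret;
}

int main(void)
{
    printf("own pid %ld, receiver saw %ld\n", (long)getpid(), scm_roundtrip_pid(getpid()));
    /* Claiming another PID: a negative errno unless privileged, as the message notes. */
    printf("claiming parent pid -> %ld\n", scm_roundtrip_pid(getppid()));
    return 0;
}
```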