Currently, the SCM_CREDENTIALS control message contains the PID of the
sending process, in the sender's PID namespace. This would seem to
violate the spirit of SCM_CREDENTIALS since, from the receiver's point
of view, the sender's PID in that namespace might be another process
entirely.

I started to write a patch for this, but then got hung up on the
semantics, so I'm asking here first.

Here's what I think should happen:

A received SCM_CREDENTIALS should contain the PID of the sending
process, in the receiver's namespace. Or -1 if the PID is not
representable.

If the sending process has exited, the pid should be -1. (We don't
want to hold a reference to a struct pid from the SKB, so we have to
do this).

When sending an SCM_CREDENTIALS message, if pid == getpid(), then the
PID acts as above. Otherwise, we pass the PID raw to the receiver. (A
process has to be CAP_SYS_ADMIN to fake its PID).

Seem reasonable?

AGL
--
Adam Langley [email protected] http://www.imperialviolet.org