[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 1/3] BSD: Ensure UNIX socket credentials are valid



On Tue, Sep 24, 2013 at 11:44 AM, Doug Goldstein <cardoe cardoe com> wrote:
> Ensure that the socket credentials we got back on BSD are valid before
> using them.
> ---
>  src/rpc/virnetsocket.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
>
> diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
> index b311aae..49c6ddc 100644
> --- a/src/rpc/virnetsocket.c
> +++ b/src/rpc/virnetsocket.c
> @@ -1166,6 +1166,18 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
>          return -1;
>      }
>
> +    if (cr.cr_version != XUCRED_VERSION) {
> +        virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
> +                       _("Failed to get valid client socket identity"));
> +        return -1;
> +    }
> +
> +    if (cr.cr_ngroups == 0) {
> +        virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
> +                       _("Failed to get valid client socket identity groups"));
> +        return -1;
> +    }
> +
>      *pid = -1;
>      *uid = cr.cr_uid;
>      *gid = cr.cr_gid;
> --
> 1.8.1.5
>

Ping this patch. Justin Clift ran into a bug related with this when
testing 1.1.3 rc1. I've looked for other projects doing similar checks
and Wayland uses this behavior on the BSDs. Always makes me feel good
when I don't come up with a unique solution and instead other projects
do it as well.

-- 
Doug Goldstein


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]