Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Simon McVittie
On Mon, 21 Jan 2019 at 14:40:23 +0200, Pekka Paalanen wrote: > On Mon, 21 Jan 2019 11:35:12 + > Simon McVittie wrote: > > On Mon, 21 Jan 2019 at 12:40:11 +0200, Pekka Paalanen wrote: > > > Currently I have no clear opinion on what might be best. PID, UID and > > > GID are quite poor for author

Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Pekka Paalanen
On Mon, 21 Jan 2019 11:52:46 + Simon Ser wrote: > On Monday, January 21, 2019 11:40 AM, Pekka Paalanen > wrote: > > On Sun, 20 Jan 2019 13:51:42 + > > Simon Ser wrote: > > > > > Hi, > > > > > > I wanted to start discussing about wl_client_get_credentials support in > > > various BSDs

Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Simon Ser
On Monday, January 21, 2019 1:40 PM, Pekka Paalanen wrote: > That is enlightening. It makes me wonder what people are using > PID/UID/GID for. Yeah. Maybe we should add some big warning signs "even if you think it's safe, it isn't, don't use this for security" in wl_client_get_credentials docs. _

Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Pekka Paalanen
On Mon, 21 Jan 2019 11:35:12 + Simon McVittie wrote: > On Mon, 21 Jan 2019 at 12:40:11 +0200, Pekka Paalanen wrote: > > I don't think we can fix wl_client_get_credentials(), the semantics are > > very explicitly tied to the SO_PEERCRED behaviour. What I think we > > should do instead is to lo

Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Simon Ser
On Monday, January 21, 2019 12:35 PM, Simon McVittie wrote: > Note that deriving information from the pid is easy to defeat if you have > access to a mechanism like setuid or filesystem capabilities, which > escalates capabilities while preserving the pid. > See

Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Simon Ser
On Monday, January 21, 2019 11:40 AM, Pekka Paalanen wrote: > On Sun, 20 Jan 2019 13:51:42 + > Simon Ser wrote: > > > Hi, > > > > I wanted to start discussing about wl_client_get_credentials support in > > various BSDs. wl_client_get_credentials uses getsockopt() with > > SO_PEERCRED, which

Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Simon McVittie
On Mon, 21 Jan 2019 at 12:40:11 +0200, Pekka Paalanen wrote: > I don't think we can fix wl_client_get_credentials(), the semantics are > very explicitly tied to the SO_PEERCRED behaviour. What I think we > should do instead is to look into making a new API using > SCM_CREDENTIALS. D-Bus uses (and

Re: BSDs and wl_client_get_credentials

2019-01-21 Thread Pekka Paalanen
On Sun, 20 Jan 2019 13:51:42 + Simon Ser wrote: > Hi, > > I wanted to start discussing about wl_client_get_credentials support in > various BSDs. wl_client_get_credentials uses getsockopt() with > SO_PEERCRED, which isn't supported on BSD. On the other hand, using > SCM_CREDENTIALS by passin

BSDs and wl_client_get_credentials

2019-01-20 Thread Simon Ser
Hi, I wanted to start discussing about wl_client_get_credentials support in various BSDs. wl_client_get_credentials uses getsockopt() with SO_PEERCRED, which isn't supported on BSD. On the other hand, using SCM_CREDENTIALS by passing a `struct ucred` ancillary message is supported on both Linux an