Closed simo5 closed 6 years ago
Abstract namespace sockets have no kernel credential checks; those checks happen on the inode of the individual socket linked into the filesystem, and abstract namespace sockets do not have that individual inode.
Ouch, had not noticed you were supporting abstract sockets ... sounds like the check should be conditional on that? Anyway this explains my confusion away, thanks.
> sounds like the check should be conditional on that?
That is true, it should be enough to do these checks only for abstract sockets, if we rely only on the socket's filesystem permissions.
On Thu, 2018-02-15 at 16:56 +0000, Kay Sievers wrote:
> sounds like the check should be conditional on that?
> That is true, it should be enough to do these checks only for abstract sockets, if we rely only on the socket's filesystem permissions.
I've used sockets extensively in various projects, both with open file system permissions and with internal checks.
In my experience, unless you really have to use internal whitelists for some specific reason, relying on file system checks is more flexible because they can be tweaked at any time. Users can use POSIX ACLs, SELinux labels, AppArmor paths, and other security mechanisms more flexibly that way.
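To make the distinction discussed in this thread concrete, here is an added C example (not libvarlink's code and not posted by anyone in the thread). It detects whether a connected AF_UNIX socket was bound in the Linux abstract namespace (leading NUL byte in sun_path, hence no inode for the kernel to check) and, only in that case, applies an application-level SO_PEERCRED check; for a path-bound socket it leaves authorization to the socket inode's mode/ACL/labels, which the kernel has already enforced at connect time. The policy (peer uid must equal an allowed uid), the socket names, the `demo()` helper, and the use of `/tmp` are assumptions chosen for the example; the code is Linux-specific.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Returns 1 if the local address of fd is in the Linux abstract namespace
 * (sun_path starts with a NUL byte), 0 if it is a filesystem path or an
 * unnamed socket (e.g. one end of socketpair), -1 on error. For an accepted
 * connection, getsockname() reports the listening socket's bound name. */
int unix_socket_is_abstract(int fd)
{
    struct sockaddr_un addr;
    socklen_t len = sizeof(addr);

    memset(&addr, 0, sizeof(addr));
    if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
        return -1;
    if (addr.sun_family != AF_UNIX)
        return -1;
    /* len covers sun_family plus the name bytes; no name bytes => unnamed. */
    if (len <= (socklen_t)offsetof(struct sockaddr_un, sun_path))
        return 0;
    return addr.sun_path[0] == '\0';
}

/* Example policy (an assumption of this example): only for abstract sockets,
 * where the kernel performed no inode permission check, compare the peer's
 * uid from SO_PEERCRED against allowed_uid. For path-bound sockets return 1
 * and rely on the socket file's mode, POSIX ACL, SELinux/AppArmor policy. */
int peer_allowed(int conn_fd, uid_t allowed_uid)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    int abstract = unix_socket_is_abstract(conn_fd);

    if (abstract < 0)
        return 0;
    if (!abstract)
        return 1;
    if (getsockopt(conn_fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
        return 0;
    return cred.uid == allowed_uid;
}

/* Builds a listener (abstract or filesystem-backed, names chosen for this
 * example), connects to it from the same process, accepts, and returns
 * peer_allowed() for the accepted connection; -1 if setup fails. */
int demo(int use_abstract, uid_t allowed_uid)
{
    struct sockaddr_un addr;
    socklen_t len;
    char path[64];
    int lfd = -1, cfd = -1, conn = -1, result = -1;

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    if (use_abstract) {
        /* Leading NUL: no inode exists, so only our own check applies. */
        snprintf(path, sizeof(path), "varlink-demo-%d", (int)getpid());
        memcpy(addr.sun_path + 1, path, strlen(path));
        len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + strlen(path));
    } else {
        snprintf(path, sizeof(path), "/tmp/varlink-demo-%d.sock", (int)getpid());
        unlink(path);
        strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
        len = sizeof(addr);
    }

    lfd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    cfd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (lfd < 0 || cfd < 0)
        goto out;
    if (bind(lfd, (struct sockaddr *)&addr, len) < 0)
        goto out;
    /* The socket inode is what the kernel checks on connect(); restrict it. */
    if (!use_abstract && chmod(path, 0600) < 0)
        goto out;
    if (listen(lfd, 1) < 0)
        goto out;
    if (connect(cfd, (struct sockaddr *)&addr, len) < 0)
        goto out;
    conn = accept(lfd, NULL, NULL);
    if (conn < 0)
        goto out;
    result = peer_allowed(conn, allowed_uid);
out:
    if (conn >= 0) close(conn);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    if (!use_abstract) unlink(path);
    return result;
}

int main(void)
{
    printf("abstract,   same uid:  %d\n", demo(1, getuid()));      /* 1 */
    printf("abstract,   other uid: %d\n", demo(1, getuid() ^ 1));  /* 0 */
    printf("filesystem, same uid:  %d\n", demo(0, getuid()));      /* 1 */
    printf("filesystem, other uid: %d\n", demo(0, getuid() ^ 1));  /* 1 */
    return 0;
}
```

The last line is the point of the thread: for a path-bound socket the function does not second-guess the kernel, because the connect() that produced `conn` already passed the inode's permission check, and the policy can be adjusted later with chmod, setfacl or an LSM label without touching the server. Only the abstract case needs the in-process SO_PEERCRED whitelist.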
I am confused, in what case hasn't this already been done properly by the kernel before allowing the connection? https://github.com/varlink/libvarlink/blob/bd4cd60a446c2967b19a64cec26281cc1489e63a/lib/transport-unix.c#L226