| commit | 6d485a55d0cd8fbb8b4337b298f79ddb0c2a5511 | |
| author | Laurent Vivier <laurent@vivier.eu> | |
| Tue, 4 Feb 2020 21:19:01 +0000 (4 22:19 +0100) | ||
| committer | Laurent Vivier <laurent@vivier.eu> | |
| Wed, 12 Feb 2020 17:56:45 +0000 (12 18:56 +0100) | ||
| tree | f1a9d76265211a101344ae481773c13d44d751ba | treesnapshot (tar.gz zip) |
| parent | 6bc024e713fd35eb5fddbe16acd8dc92d27872a9 | commitdiff |
linux-user: implement TARGET_SO_PEERSEC
"The purpose of this option is to allow an application to obtain the
security credentials of a Unix stream socket peer. It is analogous to
SO_PEERCRED (which provides authentication using standard Unix credentials
of pid, uid and gid), and extends this concept to other security
models." -- https://lwn.net/Articles/62370/
Until now it was passed to the kernel with an "int" argument and
fails when it was supported by the host because the parameter is
like a filename: it is always a \0-terminated string with no embedded
\0 characters, but is not guaranteed to be ASCII or UTF-8.
I've tested the option with the following program:
/*
* cc -o getpeercon getpeercon.c
*/
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main(void)
{
int fd;
struct sockaddr_in server, addr;
int ret;
socklen_t len;
char buf[256];
fd = socket(PF_INET, SOCK_STREAM, 0);
if (fd == -1) {
perror("socket");
return 1;
}
server.sin_family = AF_INET;
inet_aton("127.0.0.1", &server.sin_addr);
server.sin_port = htons(40390);
connect(fd, (struct sockaddr*)&server, sizeof(server));
len = sizeof(buf);
ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &len);
if (ret == -1) {
perror("getsockopt");
return 1;
}
printf("%d %s\n", len, buf);
return 0;
}
On host:
$ ./getpeercon
33 system_u:object_r:unlabeled_t:s0
With qemu-aarch64/bionic without the patch:
$ ./getpeercon
getsockopt: Numerical result out of range
With the patch:
$ ./getpeercon
33 system_u:object_r:unlabeled_t:s0
Bug: https://bugs.launchpad.net/qemu/+bug/1823790
Reported-by: Matthias Lüscher <lueschem@gmail.com>
Tested-by: Matthias Lüscher <lueschem@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200204211901.1731821-1-laurent@vivier.eu>
"The purpose of this option is to allow an application to obtain the
security credentials of a Unix stream socket peer. It is analogous to
SO_PEERCRED (which provides authentication using standard Unix credentials
of pid, uid and gid), and extends this concept to other security
models." -- https://lwn.net/Articles/62370/
Until now it was passed to the kernel with an "int" argument and
fails when it was supported by the host because the parameter is
like a filename: it is always a \0-terminated string with no embedded
\0 characters, but is not guaranteed to be ASCII or UTF-8.
I've tested the option with the following program:
/*
* cc -o getpeercon getpeercon.c
*/
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main(void)
{
int fd;
struct sockaddr_in server, addr;
int ret;
socklen_t len;
char buf[256];
fd = socket(PF_INET, SOCK_STREAM, 0);
if (fd == -1) {
perror("socket");
return 1;
}
server.sin_family = AF_INET;
inet_aton("127.0.0.1", &server.sin_addr);
server.sin_port = htons(40390);
connect(fd, (struct sockaddr*)&server, sizeof(server));
len = sizeof(buf);
ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &len);
if (ret == -1) {
perror("getsockopt");
return 1;
}
printf("%d %s\n", len, buf);
return 0;
}
On host:
$ ./getpeercon
33 system_u:object_r:unlabeled_t:s0
With qemu-aarch64/bionic without the patch:
$ ./getpeercon
getsockopt: Numerical result out of range
With the patch:
$ ./getpeercon
33 system_u:object_r:unlabeled_t:s0
Bug: https://bugs.launchpad.net/qemu/+bug/1823790
Reported-by: Matthias Lüscher <lueschem@gmail.com>
Tested-by: Matthias Lüscher <lueschem@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200204211901.1731821-1-laurent@vivier.eu>
| linux-user/syscall.c | diffblobblamehistory |