[PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)
Corinna Vinschen
corinna-cygwin@cygwin.com
Thu Oct 9 18:00:00 GMT 2014
Hi Christian,
On Sep 25 14:40, Christian Franke wrote:
> This is a workaround for this problem which blocks ITP postfix:
> https://cygwin.com/ml/cygwin/2014-08/msg00420.html
>
> With the patch, this disables the secret+cred handshakes of the AF_UNIX
> emulation:
>
> int sd = socket(AF_UNIX, SOCK_STREAM, 0);
>
> setsockopt(sd, SOL_SOCKET, SO_PEERCRED, NULL, 0);
>
> Postfix works if socket() calls are replaced by the above.
>
> Calls of getsockopt(..., SO_PEERCRED, ...) and getpeereid() would fail with ENOTSUP then. These are not used by postfix.
>
> Christian
>
Patch looks good. I'm just going to move the no_getpeereid flag into
the status block. Also:
> +int
> +fhandler_socket::af_local_set_no_getpeereid ()
> +{
> + if (get_addr_family () != AF_LOCAL || get_socket_type () != SOCK_STREAM)
> + {
> + set_errno (EINVAL);
> + return -1;
> + }
> + if (connect_state () != unconnected)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
Wouldn't it make sense to allow this call in the "listener" state as well?
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-patches/attachments/20141009/227d6cf2/attachment.sig>
More information about the Cygwin-patches
mailing list