aboutsummaryrefslogtreecommitdiffstats
path: root/net/unix
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2010-06-12 23:30:14 -0400
committerDavid S. Miller <davem@davemloft.net>2010-06-16 17:55:55 -0400
commit109f6e39fa07c48f580125f531f46cb7c245b528 (patch)
tree9ec97679c227394a44ebede5768f92d970cea6eb /net/unix
parent3f551f9436c05a3b5eccdd6e94733df5bb98d2a5 (diff)
af_unix: Allow SO_PEERCRED to work across namespaces.
Use struct pid and struct cred to store the peer credentials on struct sock. This gives enough information to convert the peer credential information to a value relative to whatever namespace the socket is in at the time. This removes nasty surprises when using SO_PEERCRED on socket connetions where the processes on either side are in different pid and user namespaces. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/unix')
-rw-r--r--net/unix/af_unix.c37
1 files changed, 28 insertions, 9 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index fef2cc5e9d2b..e1f1349fae86 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -450,11 +450,31 @@ static int unix_release_sock(struct sock *sk, int embrion)
450 return 0; 450 return 0;
451} 451}
452 452
453static void init_peercred(struct sock *sk)
454{
455 put_pid(sk->sk_peer_pid);
456 if (sk->sk_peer_cred)
457 put_cred(sk->sk_peer_cred);
458 sk->sk_peer_pid = get_pid(task_tgid(current));
459 sk->sk_peer_cred = get_current_cred();
460}
461
462static void copy_peercred(struct sock *sk, struct sock *peersk)
463{
464 put_pid(sk->sk_peer_pid);
465 if (sk->sk_peer_cred)
466 put_cred(sk->sk_peer_cred);
467 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
468 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
469}
470
453static int unix_listen(struct socket *sock, int backlog) 471static int unix_listen(struct socket *sock, int backlog)
454{ 472{
455 int err; 473 int err;
456 struct sock *sk = sock->sk; 474 struct sock *sk = sock->sk;
457 struct unix_sock *u = unix_sk(sk); 475 struct unix_sock *u = unix_sk(sk);
476 struct pid *old_pid = NULL;
477 const struct cred *old_cred = NULL;
458 478
459 err = -EOPNOTSUPP; 479 err = -EOPNOTSUPP;
460 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) 480 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
@@ -470,12 +490,14 @@ static int unix_listen(struct socket *sock, int backlog)
470 sk->sk_max_ack_backlog = backlog; 490 sk->sk_max_ack_backlog = backlog;
471 sk->sk_state = TCP_LISTEN; 491 sk->sk_state = TCP_LISTEN;
472 /* set credentials so connect can copy them */ 492 /* set credentials so connect can copy them */
473 sk->sk_peercred.pid = task_tgid_vnr(current); 493 init_peercred(sk);
474 current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
475 err = 0; 494 err = 0;
476 495
477out_unlock: 496out_unlock:
478 unix_state_unlock(sk); 497 unix_state_unlock(sk);
498 put_pid(old_pid);
499 if (old_cred)
500 put_cred(old_cred);
479out: 501out:
480 return err; 502 return err;
481} 503}
@@ -1140,8 +1162,7 @@ restart:
1140 unix_peer(newsk) = sk; 1162 unix_peer(newsk) = sk;
1141 newsk->sk_state = TCP_ESTABLISHED; 1163 newsk->sk_state = TCP_ESTABLISHED;
1142 newsk->sk_type = sk->sk_type; 1164 newsk->sk_type = sk->sk_type;
1143 newsk->sk_peercred.pid = task_tgid_vnr(current); 1165 init_peercred(newsk);
1144 current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
1145 newu = unix_sk(newsk); 1166 newu = unix_sk(newsk);
1146 newsk->sk_wq = &newu->peer_wq; 1167 newsk->sk_wq = &newu->peer_wq;
1147 otheru = unix_sk(other); 1168 otheru = unix_sk(other);
@@ -1157,7 +1178,7 @@ restart:
1157 } 1178 }
1158 1179
1159 /* Set credentials */ 1180 /* Set credentials */
1160 sk->sk_peercred = other->sk_peercred; 1181 copy_peercred(sk, other);
1161 1182
1162 sock->state = SS_CONNECTED; 1183 sock->state = SS_CONNECTED;
1163 sk->sk_state = TCP_ESTABLISHED; 1184 sk->sk_state = TCP_ESTABLISHED;
@@ -1199,10 +1220,8 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
1199 sock_hold(skb); 1220 sock_hold(skb);
1200 unix_peer(ska) = skb; 1221 unix_peer(ska) = skb;
1201 unix_peer(skb) = ska; 1222 unix_peer(skb) = ska;
1202 ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current); 1223 init_peercred(ska);
1203 current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid); 1224 init_peercred(skb);
1204 ska->sk_peercred.uid = skb->sk_peercred.uid;
1205 ska->sk_peercred.gid = skb->sk_peercred.gid;
1206 1225
1207 if (ska->sk_type != SOCK_DGRAM) { 1226 if (ska->sk_type != SOCK_DGRAM) {
1208 ska->sk_state = TCP_ESTABLISHED; 1227 ska->sk_state = TCP_ESTABLISHED;