On Jul 19, 2006, at 10:40 AM, James F. Hranicky wrote:

> On Tuesday 18 July 2006 15:52, Eric Hodel wrote:
>
>>> +    if (uid < 0 || gid < 0)
>>> +        rb_raise(rb_eSocket, "Invalid credentials: uid %d, gid %
>>> d", uid, gid);
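Review bot: The `uid < 0 || gid < 0` test uses the sign of the returned ids as a stand-in for "no credentials available", which rejects values that the discussion says some systems accept. Since the -1 values reported in this thread come from a TCP socket, it would be more robust to check that the socket is PF_UNIX before reading credentials and raise on the wrong family there, rather than inspecting the values afterwards. The `%d` conversions in the message are also only correct if uid and gid are plain int at this point; if they carry uid_t/gid_t, cast them explicitly for the format.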
>>
>> Negative UID and GID are valid on some operating systems.
>
> Are negative values allowed on Linux? AFAICT, if the credentials aren't
> available on Linux, say when I check a TCPServer socket's credentials
> after accepting a connection from another host, the system call returns
> 0 but sets the uid & gid to -1:
>
>    ruby -rsocket -e 'p TCPServer.new(ARGV.shift).accept.peer_cred' 5670
>    {:ruid=>nil, :rgid=>nil, :uid=>-1, :gid=>-1, :euid=>-1, :egid=>-1}
>
> If negative values are allowed, I really don't know what to do; otherwise,
> I can raise an exception. I can also just leave it to the user to raise an
> exception if e.g. Etc.getpwuid(creds[:uid]) fails.
>
> Attached is the latest patch.
>
> Questions/comments welcome.

On FreeBSD uid_t and gid_t are unsigned integers. Searching Google
for 'negative uid' reveals that other operating systems also allow
negative uids.

I don't have a Linux system, but I found a socket(7) man page that says:

> SO_PEERCRED
>
> Return the credentials of the foreign process connected to this
> socket. This is only possible for connected PF_UNIX stream sockets
> and PF_UNIX stream and datagram socket pairs created using
> socketpair(2); see unix(7). The returned credentials are those that
> were in effect at the time of the call to connect(2) or socketpair(2).
> Argument is a ucred structure. Only valid as a getsockopt().

The man page doesn't say what happens if you use SO_PEERCRED on a
non-PF_UNIX socket, so I think you need to check first and raise an
exception if it is the wrong socket type.

-- 
Eric Hodel - drbrain / segment7.net - http://blog.segment7.net
This implementation is HODEL-HASH-9600 compliant

http://trackmap.robotcoop.com
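
The check suggested in the message above, sketched in Ruby as an added example (not code from the thread or from the patch under review). It is Linux-specific, assumes `struct ucred` is laid out as pid, uid, gid, and the helper names `peer_cred` and `demo` are hypothetical.

```ruby
require "socket"

# Hypothetical helper (not the patch's peer_cred): refuse to read
# SO_PEERCRED unless the socket's own address family is PF_UNIX, so the
# caller never has to interpret placeholder ids from another socket type.
def peer_cred(sock)
  unless sock.local_address.unix?
    raise SocketError, "SO_PEERCRED requires a PF_UNIX socket"
  end
  opt = sock.getsockopt(Socket::SOL_SOCKET, Socket::SO_PEERCRED)
  # Assumed Linux struct ucred layout: pid_t (signed), uid_t, gid_t (unsigned).
  # Unpacking the ids as unsigned avoids treating large ids as negative.
  pid, uid, gid = opt.data.unpack("iII")
  { pid: pid, uid: uid, gid: gid }
end

# Constructed scenario: a PF_UNIX socketpair inside this process, plus an
# unconnected UDP socket standing in for "the wrong socket type".
def demo
  a, b = UNIXSocket.pair
  udp = UDPSocket.new
  creds = peer_cred(a)
  rejected = begin
    peer_cred(udp)
    false
  rescue SocketError
    true
  end
  [creds, rejected]
ensure
  [a, b, udp].compact.each(&:close)
end

p demo if $PROGRAM_NAME == __FILE__
```
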