Bug 45443 - Linux credentials-passing is no longer tested
Summary: Linux credentials-passing is no longer tested
Status: NEW
Alias: None
Product: Telepathy
Classification: Unclassified
Component: gabble (show other bugs)
Version: git master
Hardware: Other All
: medium normal
Assignee: Telepathy bugs list
QA Contact: Telepathy bugs list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-31 05:56 UTC by Simon McVittie
Modified: 2012-10-12 11:26 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Simon McVittie 2012-01-31 05:56:20 UTC
Recent Linux has this commit:

commit 16e5726269611b71c930054ffe9b858c1cea88eb
Author: Eric Dumazet <eric.dumazet@gmail.com>
Date:   2011-09-19 05:52:27 +0000

    af_unix: dont send SCM_CREDENTIALS by default
    
    Since commit 7361c36c5224 (af_unix: Allow credentials to work across
    user and pid namespaces) af_unix performance dropped a lot.
...
    This patch includes SCM_CREDENTIALS information in a af_unix message/skb
    only if requested by the sender, [man 7 unix for details how to include
    ancillary data using sendmsg() system call]
    
    Note: This might break buggy applications that expected SCM_CREDENTIAL
    from an unaware write() system call, and receiver not using SO_PASSCRED
    socket option.
    
    If SOCK_PASSCRED is set on source or destination socket, we still
    include credentials for mere write() syscalls.

so we need to do at least one of these:

* teach the Python (Twisted) code to send ancillary data
  (probably somewhat difficult)

* have Gabble enable SO_PASSCRED before telling the Tubes client
  about the socket, instead of enabling it just in time for the relevant
  read, and keep it enabled until the creds have been passed
Comment 1 Simon McVittie 2012-01-31 06:00:27 UTC
Of course, using GLib for the credentials-passing would also be good (but we'll have to check that it doesn't have the same bug).

I also spotted a related problem when receiving creds: we blindly assume that the CMSG_FIRSTHDR is of type (SOL_SOCKET, SCM_CREDENTIALS), rather than iterating through all cmsg headers.
Comment 2 Guillaume Desmottes 2012-02-21 08:02:34 UTC
I disabled the test for now with this commit: 8d7efad30c8633d6df4a0635eb7f78f2fa326e9a


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.