Recent Linux has this commit:
Author: Eric Dumazet <email@example.com>
Date: 2011-09-19 05:52:27 +0000
af_unix: dont send SCM_CREDENTIALS by default
Since commit 7361c36c5224 (af_unix: Allow credentials to work across
user and pid namespaces) af_unix performance dropped a lot.
This patch includes SCM_CREDENTIALS information in a af_unix message/skb
only if requested by the sender, [man 7 unix for details how to include
ancillary data using sendmsg() system call]
Note: This might break buggy applications that expected SCM_CREDENTIAL
from an unaware write() system call, and receiver not using SO_PASSCRED
If SOCK_PASSCRED is set on source or destination socket, we still
include credentials for mere write() syscalls.
so we need to do at least one of these:
* teach the Python (Twisted) code to send ancillary data
(probably somewhat difficult)
* have Gabble enable SO_PASSCRED before telling the Tubes client
about the socket, instead of enabling it just in time for the relevant
read, and keep it enabled until the creds have been passed
Of course, using GLib for the credentials-passing would also be good (but we'll have to check that it doesn't have the same bug).
I also spotted a related problem when receiving creds: we blindly assume that the CMSG_FIRSTHDR is of type (SOL_SOCKET, SCM_CREDENTIALS), rather than iterating through all cmsg headers.
I disabled the test for now with this commit: 8d7efad30c8633d6df4a0635eb7f78f2fa326e9a