GNOME Bugzilla – Bug 306706
Support for OSes that do not support LOCAL_CRED
Last modified: 2018-07-01 08:47:35 UTC
Please describe the problem: Out of the box, GAMIN does not support OSes that do not support sending credentials over sockets. There is basic support already (in libgamin/gam_api.c gamin_get_socket_dir() and in server/gam_channel.c gam_client_conn_check_cred()), however, it is not complete: although gamin correctly notices that LOCAL_CREDS is undefined and doesn't try to use to use it, it assumes that it will receive the credentials anyway. Assuming the socket is correctly created (and as far as I can see this is the case), this functionality is not needed: being able to send to the socket is the necessary and sufficient proof of authority. Even if we were to support sending credentials on the Hurd, there are a number of questions the most important of which is that since a process can have multiple effective user ids at once which one would we transmit? The only problem with not supporting credentials is that gamin wants the pid of the client. As far as I can tell, it only uses it for debugging message. My initial approach was to set it to -1 or 0 but gamin doesn't like either of those: the former means an error occured and the latter triggers an assert. Currently, I just set it to getpid (). Clearly a hack. Steps to reproduce: 1. 2. 3. Actual results: Expected results: Does this happen every time? Other information:
Created attachment 47347 [details] [review] patch
The check for the PID on platforms which support LOCAL_CRED is a security feature. The goal is to make sure server and client are of the same user with the same level of access to the filesystem. This is really a hard feature and I would prefer the patch to appear publicly on the mailing-list for at least an opportunity of review before applying it. People on other OSes may have their own opinion about this and should have an opportunity to give feedback. Put in NEEDINFO status at this point for the reason exposed, please post to the list to resolve this. thanks Daniel
Created attachment 47458 [details] [review] patch New patch against CVS. This takes a slightly different approach: if setsockopt fails we assume the OS doesn't have LOCAL_CRED support. I could alternatively change this so that we only make this assumption if setsockopt returns ENOSYS, EOPNOTSUPP or EINVAL.
I tend to prefer that one, yes. Applied and commited, thanks, Daniel
Well the patch actually trash the authentication on Linux. HAVE_CMSGCRED is not defined, so we end up with lack_creds == 0 and as a result, socket credentail are not even tested and c_pid is set to getuid() whicn also mean all the debugging infrastructure can't report the PID of the target process anymore. This is fairly bad since this ended up in 0.1.1 and now I have 1/ a potential security problems and 2/ a broken debugging infrastructure. I reverted the patch in CVS Daniel
gamin is not under active development anymore and has not seen code changes for many years. Its codebase has been archived: https://gitlab.gnome.org/Archive/gamin/commits/master Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect reality. Please feel free to reopen this ticket (or rather transfer the project to GNOME Gitlab, as GNOME Bugzilla is deprecated) if anyone takes the responsibility for active development again.