* unix STREAM/SEQPACKET sockets and SO_PASSCRED race
From: Kay Sievers @ 2013-04-08 20:55 UTC (permalink / raw)
To: netdev

While checking the issues caused by:
"af_unix: dont send SCM_CREDENTIAL when dest socket is NULL"
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=14134f6584212d585b310ce95428014b653dfaf6
which was later reverted by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=25da0e3e9d3fb2b522bc2a598076735850310eb1

Seems, if messages are sent by the client during the window between
accept() and setsockopt(SO_PASSCRED) on the server, the kernel will
not attach the credentials to the message.

The original change opened the race window significantly, but it seems
the window existed even before the change, it's just hard to hit.

Is there a way to race-free set up a connection on the server side
which has scm credentials enabled? If scm credential handling should
only be needed to be requested on the server side, is there any way to
do that?

If not, could we inherit/copy over the PASSCRED bit from the listen
socket to the connection socket. Servers could set the flag there to
receive it for the accepted connections?

Thanks,
Kay
* Re: unix STREAM/SEQPACKET sockets and SO_PASSCRED race
From: David Miller @ 2013-04-08 21:02 UTC (permalink / raw)
To: kay; +Cc: netdev
From: Kay Sievers <kay@vrfy.org>
Date: Mon, 8 Apr 2013 22:55:28 +0200
> If not, could we inherit/copy over the PASSCRED bit from the listen
> socket to the connection socket. Servers could set the flag there to
> receive it for the accepted connections?

We could start doing that yes, this is similar to what we did for
things like non-blocking flags on TCP sockets a long time ago.