From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin-developers@cygwin.com
Subject: Re: AF_UNIX status report
Date: Fri, 30 Oct 2020 10:20:19 +0100 [thread overview]
Message-ID: <20201030092019.GW5492@calimero.vinschen.de> (raw)
In-Reply-To: <0f945b4c-aa30-e08e-9f86-d4b41279ba10@pismotec.com>
On Oct 29 14:53, Joe Lowe wrote:
> On 2020-10-29 13:19, Ken Brown via Cygwin-developers wrote:
> > On 10/27/2020 5:43 AM, Corinna Vinschen wrote:
> > > On Oct 26 18:04, Ken Brown via Cygwin-developers wrote:
> > > > I've made at least rudimentary implementations of all the
> > > > fhandler_socket_unix functions (including those in select.cc) for which
> > > > there were previously only placeholders.
> > > >
> > > > I've pushed everything to topic/af_unix, including a merge with
> > > > master as of
> > > > a couple days ago.
> > > >
> > > > I've cobbled together a few test programs and put them in
> > > > winsup/cygwin/socket_tests on the topic/af_unix branch. I
> > > > haven't taken the
> > > > time to automate the tests, so they all have to be run
> > > > interactively. There
> > > > is a Makefile to build the test programs and a README.txt that
> > > > shows how to
> > > > run them.
> > > >
> > > > One thing I haven't yet done is to think about (or systematically test)
> > > > datagram sockets. I'm sure there's quite a bit of code that
> > > > won't work for
> > > > them.
> > > >
> > > > Aside from datagram sockets, there are still a few things that
> > > > I'm working
> > > > on, but I'm close to the point where I could use some input:
> > > >
> > > > 1. I've littered the code in fhandler_socket_unix.cc and select.cc with
> > > > FIXME comments on which I'd like advice.
> > >
> > > I'll look into it.
> > >
> > > > 2. I haven't given any thought at all as to how to implement SCM_RIGHTS
> > > > ancillary data. I could definitely use suggestions on that
> > > > before I start
> > > > thrashing around.
> > >
> > > I have only vague ideas at that point. Assuming we can replace the
> > > socket implemantation with the pipe implementation, what we have is a
> > > pipe which can impersonate the peer at least from the server side, and
> > > it knows the client process. This in turn can be used to duplicate
> > > handles. So what we could do is to define fhandler methods which create
> > > a matching serialization and deserialization of the fhandler data, plus
> > > duplicating the handles for the other process, sent over the pipe as
> > > admin package. This must work in either direction, regardless if the
> > > server or the client sends the SCM_RIGHTS block.
> >
> > This sounds reasonable.
> >
> > I have no experience with serialization. Do you happen to know of a
> > good example that I could look at?
Unfortunately not. Probably we can just send the entire fhandler and
the recipient fiddles the content in a per-class way, kind of like
fhandler::dup.
> I have experience building a secure implementation of SCM_RIGHTS type
> functionality over named pipe on Windows. This is not a small amount of code
> if you want to handle processes running as different users or privilege
> levels, and if you don't want to be a source of security vulnerabilities.
You're not interested to help coding this in Cygwin, by any chance?
> You might consider building an implementation of SCM_RIGHTS that is only
> expected to work for processes running as the same user and privilege level.
> At least this would be a good starting point. This would cover the
> requirements of some unix code bases that use SCM_RIGHTS , and avoids
> significant security issues and complexity.
This may be a good start, actually. I'd love to get full privsep
working in OpenSSH, but that's not a key issue, given upstream
supports the preauth-only implementation as well, and this works
without SCM_RIGHTS.
Corinna
next prev parent reply other threads:[~2020-10-30 9:20 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-26 22:04 Ken Brown
2020-10-27 9:43 ` Corinna Vinschen
2020-10-29 20:19 ` Ken Brown
2020-10-29 21:53 ` Joe Lowe
2020-10-30 9:20 ` Corinna Vinschen [this message]
2020-11-03 15:43 ` Ken Brown
2020-11-04 12:03 ` Corinna Vinschen
2020-11-05 14:23 ` Ken Brown
2020-11-05 17:21 ` Corinna Vinschen
2020-11-05 19:01 ` Ken Brown
2020-11-05 19:54 ` Joe Lowe
2020-11-06 4:02 ` Ken Brown
2020-11-05 23:41 ` Ken Brown
2020-11-06 9:12 ` Corinna Vinschen
2020-11-07 22:25 ` Ken Brown
2020-11-08 22:40 ` Ken Brown
2020-11-09 9:08 ` Corinna Vinschen
2020-11-17 19:57 ` Ken Brown
2020-11-18 8:34 ` Corinna Vinschen
2020-11-22 20:44 ` Ken Brown
2020-11-23 8:43 ` Corinna Vinschen
2020-11-26 17:06 ` Ken Brown
2020-12-15 17:33 ` Ken Brown
2020-12-16 9:29 ` Corinna Vinschen
2020-12-16 21:09 ` Ken Brown
2020-12-17 15:54 ` Ken Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201030092019.GW5492@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin-developers@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).