From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kbrown@cornell.edu>
Received: from NAM11-DM6-obe.outbound.protection.outlook.com
 (mail-dm6nam11on2118.outbound.protection.outlook.com [40.107.223.118])
 by sourceware.org (Postfix) with ESMTPS id 215603A4B014
 for <cygwin-developers@cygwin.com>; Fri,  6 Nov 2020 04:02:48 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 215603A4B014
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=R7iCkpNVNsd8kxTMgX7NFADVztNgVJenYc+pVBCs0jrt9SbHyQ/WBWUl/iDvStnl1MWx2HvEkyw4WC6x4CZe0pbHVZ/oUTxFLQkamNF78K7mO6nNRtuIfcQ6l2NOK+GhO41Punn7l24B5LGAO0MV//ALhFygeBhDnauFQI7Y/9lyeSAYiHi4A8GisBMXFzo8DPEWPJayri79/jLr9GJQRWQ4PzjvpX8d9Z3Z8GUKCBJ2QnivWjcq8i0itsWIDbpq7++xVrPDMHhc5dz4dNqFm2IUmqL1ndtAf+4W1xjHUkPeBmfuXjSF8CCthDYB9hTuudXRHpE7zokOvoQ59IXqGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Fyk3e9y9BnUQx4VpUTB1dzIJsySWLzDv3gCEh+faQ94=;
 b=Ol3Uu0x0KOyWiFUcR2h6Mg0bIOh8UrmtDqqfSyAK7q5jpq72c5tEMT53sYqk1ftJmplqn/7aIxrF0JS+fkUJeNb6rW8aU2ROteLutWtjAjrcAA6YiyqMmnb3wjanGZF+7zHlqdLYC8LDRDZ/VmuaQ9+79mIWVFpmooVQTU7l8OaJYGVi7E6CzRZNwZk4z29Xx6JU0rbDeL5v0MDoPfJLdcLd0YTd2nJm/zwY1/Od3/fc4Ql22YkvRwc1WZtDmANfN/jcPT2MIcYdQ8S+y3FSgNbQHU8XEYPL7PXieAuHNKYeVnRbwSZgWq41uhV0WuVy/sybuZRPaliXzo7KZKlUVw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=cornell.edu; dmarc=pass action=none header.from=cornell.edu;
 dkim=pass header.d=cornell.edu; arc=none
Received: from MN2PR04MB6176.namprd04.prod.outlook.com (2603:10b6:208:e3::13)
 by MN2PR04MB5757.namprd04.prod.outlook.com (2603:10b6:208:3f::18)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.21; Fri, 6 Nov
 2020 04:02:46 +0000
Received: from MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::113e:c874:1207:eca8]) by MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::113e:c874:1207:eca8%6]) with mapi id 15.20.3541.021; Fri, 6 Nov 2020
 04:02:46 +0000
Subject: Re: AF_UNIX status report
To: cygwin-developers@cygwin.com
References: <1d0ea5dc-7e9b-d8fe-5f6e-da7a799a3b13@cornell.edu>
 <20201027094340.GJ5492@calimero.vinschen.de>
 <f02a7df2-3d72-9a52-9ad7-45ec5a980f89@cornell.edu>
 <0f945b4c-aa30-e08e-9f86-d4b41279ba10@pismotec.com>
 <20201030092019.GW5492@calimero.vinschen.de>
 <38e33f7a-e87d-fea8-ac9e-826f94c189d4@cornell.edu>
 <20201104120304.GF33165@calimero.vinschen.de>
 <88b3dfe6-a67d-c597-afe2-4edb13cee5d7@cornell.edu>
 <20201105172140.GP33165@calimero.vinschen.de>
 <90fdecee-fb2d-6b24-ef30-356df2dbc3d2@cornell.edu>
 <59856c67-d643-b662-bec5-69bbc6a81d19@pismotec.com>
From: Ken Brown <kbrown@cornell.edu>
Message-ID: <50c942dd-43f9-afa7-5251-688763c08530@cornell.edu>
Date: Thu, 5 Nov 2020 23:02:44 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.4.0
In-Reply-To: <59856c67-d643-b662-bec5-69bbc6a81d19@pismotec.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [2604:6000:b407:7f00:4d7:217c:b95e:420c]
X-ClientProxiedBy: CH2PR15CA0028.namprd15.prod.outlook.com
 (2603:10b6:610:51::38) To MN2PR04MB6176.namprd04.prod.outlook.com
 (2603:10b6:208:e3::13)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [IPv6:2604:6000:b407:7f00:4d7:217c:b95e:420c]
 (2604:6000:b407:7f00:4d7:217c:b95e:420c) by
 CH2PR15CA0028.namprd15.prod.outlook.com (2603:10b6:610:51::38) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3541.21 via Frontend Transport; Fri, 6 Nov 2020 04:02:45 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: dd6addb8-eac8-470d-4207-08d88208d19b
X-MS-TrafficTypeDiagnostic: MN2PR04MB5757:
X-Microsoft-Antispam-PRVS: <MN2PR04MB5757861AFB52776C742A3C46D8ED0@MN2PR04MB5757.namprd04.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: NsTWyF6YLZ2hkeS3XGNMQ1a//OG/ihNcqDHy6LdFe1NfPRAM7ieEV8frGBD9GEeo1g1oshNSgFUeogurGlweoPOnQMpi59asNCkAR6v73vKaMPUFy40p1Q2bjejQguyyJqQFZktfgskXRcHLHvY1cz4aylHBq16h8ChOHYWy+66y8F5iISUYy8GUUrpAOB07ZJoXkQIBtWWnq0eeja8AIkNxTku80GYPBsAJ3hFEzHFN9TfC2gEKD0uUeat7v8TG7OOqlM0UXuPid3K5T193fhInqcEN6dC+PDeetDWUs3tAq8xAD85T9eMBIFItZRlAdP0NyG3p3RzeVlEezqSKTroIDrK9paWESwMcDwtV0SI7cGzMHiYebcC7xw1wxvIg
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:MN2PR04MB6176.namprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(39860400002)(346002)(366004)(136003)(396003)(376002)(31686004)(786003)(5660300002)(186003)(86362001)(16526019)(316002)(83380400001)(2906002)(66946007)(6916009)(7116003)(6486002)(53546011)(8676002)(66476007)(31696002)(2616005)(66556008)(52116002)(36756003)(8936002)(478600001)(75432002)(43740500002);
 DIR:OUT; SFP:1102; 
X-MS-Exchange-AntiSpam-MessageData: anIPBTszoGZsBV4xjyDWuY43UMlKnwZYDwwpchlsh1Gow3dTf6aMUy3syiTmZtTTZYdZU1esgCtn3++TAg1T6XOPtwLBUUu8JQksZ5qkeUuGoN206uTYrBNtDgaZP1L9hFMRHcI9giBvJinzupBP8Q35+GJ5uX4onQK9zmjvoDFCEPBzOs2AIZKI184PxIO+Grp3ao7ta4H50Mdv8ZoZ+oypr/kgg8f3VBmtmpw4MzZfpt5y3ChRPho3ZVTwulVuh+ilTdMe6zAFszvA6bfiBarwAFgcjdHYQ2G7Bg2Pwkb3+c04UwvaiHFqFMn3K6aGeIatRX/pB+3sIaKHxfrDSPa+lYPuVTrIaILCK5RnXBHyNobfrhkU07sW1jx0SSglEbzU/VRgrqEoESKEKT1rqNYrmMBTrVxf71U0mN7gkCYhpnrQe803C5IorC2U7ENh6Gjz7Btn3OE27ECFkeNZ/UOty1QeJ5N6Hwn+zFmHWyWwGwIJk3lOeTeVLBIMuXwkUh0cG0AbAklqzCs65YXpXh4Tr3uEZs1H1Qt/VSCyXgdcpBJ9YBUzA3IuIYWu8MwwRiJzhC9AAFSx9ar3yrPh6vJ9yviSVKO16bXa8nLf1qd9Cou7RXIAAF+fYvAEqIDxm/3UPrrUtb9Tqf2OsEADFLf3s4/3ZWbfHYJ6ACv1QXUB4/Do4HaFJEtILJkAQTO8KdIIt9tkQhHV9fQzRS9CfQ==
X-OriginatorOrg: cornell.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: dd6addb8-eac8-470d-4207-08d88208d19b
X-MS-Exchange-CrossTenant-AuthSource: MN2PR04MB6176.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2020 04:02:46.4915 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5d7e4366-1b9b-45cf-8e79-b14b27df46e1
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: c0Tdq8cwCTaM4HFPmavzCL9xHHbKssL0tZDuxfXBu8R4ObKx2pRWzMSfAT4udQHX0KCI9Uvmaize1NNmGNMBWw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB5757
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_00, DKIM_INVALID,
 DKIM_SIGNED, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, MSGID_FROM_MTA_HEADER,
 NICE_REPLY_A, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS,
 TXREP autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: cygwin-developers@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin core component developers mailing list
 <cygwin-developers.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-developers>,
 <mailto:cygwin-developers-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-developers/>
List-Post: <mailto:cygwin-developers@cygwin.com>
List-Help: <mailto:cygwin-developers-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-developers>,
 <mailto:cygwin-developers-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2020 04:02:49 -0000

On 11/5/2020 2:54 PM, Joe Lowe wrote:
> 
> 
> On 2020-11-05 11:01, Ken Brown via Cygwin-developers wrote:
>> On 11/5/2020 12:21 PM, Corinna Vinschen wrote:
>>> On Nov  5 09:23, Ken Brown via Cygwin-developers wrote:
>>>> OK, here's how I imagine this working:
>>>>
>>>> A process wants to send a file descriptor fd, so it creates a msghdr with an
>>>> SCM_RIGHTS cmsghdr and calls sendmsg.  The latter creates and sends an admin
>>>> packet A containing the fhandler for fd, and then it sends the original
>>>> packet P.
>>>>
>>>> At the receiving end, recvmsg sees packet A first (recvmsg is always
>>>> checking for admin packets anyway whenever it's called).  It stores the
>>>> fhandler somewhere.  When it then reads packet P, it retrieves the stored
>>>> fhandler, fiddles with it (duplicating handles, etc.), and creates the new
>>>> file descriptor.
>>>
>>> Actually, this needs to be implemented in a source/dest-independent
>>> manner.  Only the server of the named pipe can impersonate the client.
>>> So the server side should do the job of duplicating the handles.  If the
>>> sever is also the source of SCM_RIGHTS, it should send the fhandler with
>>> already duplicated handles.
>>
>> Ah, OK.  I was thinking of it differently.  Rather than having the server 
>> impersonate the client, I was thinking that the sender would send its winpid 
>> as part of its admin packet, which the receiver could then use to get a handle 
>> to the sender's process.  The receiver could then duplicate the handles.  But 
>> maybe your approach is better.  I'll have to rethink it.
> 
> SCM_RIGHTS on *nix; fd are retained by message buffering in the kernel. A 
> sending process can close an fd after sendmsg is called, before recvmsg is 
> called in the receiving process.

I hadn't thought about that.

> SCM_RIGHTS on *nix; fd are not added to a receiving process fd table until the 
> SCM_RIGHTS message is read. This is a consideration for DOS attacks.
> 
> So I expect it is necessary to create a temp copy of each fd being sent, so the 
> sender can close the original.

Sounds right.

Ken