From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kbrown@cornell.edu>
Received: from NAM10-BN7-obe.outbound.protection.outlook.com
 (mail-bn7nam10on2116.outbound.protection.outlook.com [40.107.92.116])
 by sourceware.org (Postfix) with ESMTPS id B7BB33857000
 for <cygwin-developers@cygwin.com>; Thu,  5 Nov 2020 23:41:19 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org B7BB33857000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=GuIRUfVPK2875G6Pm68PuzoeKhmrjGpe8TUUI7bV5e9uN1sakqD5bJFP0y8LKkkK/oGcvUNjx+GrxFR9ILG+9K2ywO+7SDuNu+IjxICUMTd70NcKnB9gckNhR2rX3HnpitbX70kUwAQS+dzhASAe8PI6EFSM2DlritwC5OG2ZQrHdrB5D3zuNXVDhnz0gOZW+9bOcPCp7bRFKHze1OxF7OTLTmIx0BJ7/mk/0ClKIuf/WxNPLmwZzuym5Viyxc2sczVTCvjagZoSEjiYin05Ov3YbJHTU5XuQslw06VrK/1/7Hh915NncAfeIPdcbp1ZTaDcHfiGwg7tCs2b629ZMg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=/E/pjwUrklCkPhzlGerMx4fOM4hK68HTAzwE+Q598iM=;
 b=RSwKghK8+tOYIVZqNW8Rm60u9oXLF+29dGT7ngC9SvVx1WU0RkKgHv/6Hh9N7Ikk1pIwz4KMV7dpTUA42i4spvEcox4EZd4aOdwTHKHOeQIp1bxNzUEXwYw4J5TXKhc0a6cAPJjvGIvR7aq5i7Rr8I6GmQz0DVwWyVHdEtm+Q7Xnm6i6omtRbciS9/8JJJYegwF4Xey0x6MZwoW9oBNVxsqWHZ568SJAb+a1SNju60oFrRwycq8m4FhsrOj5T9Se3hx3yMBbl77QIEnl4OyTgVTHCddnOh8++irbbrNbQyF72QLtARiWLErw2Y+fq1NzTXB4mk36KQFmNBbSg+D/lA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=cornell.edu; dmarc=pass action=none header.from=cornell.edu;
 dkim=pass header.d=cornell.edu; arc=none
Received: from MN2PR04MB6176.namprd04.prod.outlook.com (2603:10b6:208:e3::13)
 by MN2PR04MB5967.namprd04.prod.outlook.com (2603:10b6:208:da::15)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3499.29; Thu, 5 Nov
 2020 23:41:18 +0000
Received: from MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::113e:c874:1207:eca8]) by MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::113e:c874:1207:eca8%6]) with mapi id 15.20.3541.021; Thu, 5 Nov 2020
 23:41:18 +0000
Subject: Re: AF_UNIX status report
To: cygwin-developers@cygwin.com
References: <1d0ea5dc-7e9b-d8fe-5f6e-da7a799a3b13@cornell.edu>
 <20201027094340.GJ5492@calimero.vinschen.de>
 <f02a7df2-3d72-9a52-9ad7-45ec5a980f89@cornell.edu>
 <0f945b4c-aa30-e08e-9f86-d4b41279ba10@pismotec.com>
 <20201030092019.GW5492@calimero.vinschen.de>
 <38e33f7a-e87d-fea8-ac9e-826f94c189d4@cornell.edu>
 <20201104120304.GF33165@calimero.vinschen.de>
 <88b3dfe6-a67d-c597-afe2-4edb13cee5d7@cornell.edu>
 <20201105172140.GP33165@calimero.vinschen.de>
From: Ken Brown <kbrown@cornell.edu>
Message-ID: <80cb96b8-065d-b146-b879-170031ba28b5@cornell.edu>
Date: Thu, 5 Nov 2020 18:41:16 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.4.0
In-Reply-To: <20201105172140.GP33165@calimero.vinschen.de>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [2604:6000:b407:7f00:4d7:217c:b95e:420c]
X-ClientProxiedBy: MN2PR20CA0046.namprd20.prod.outlook.com
 (2603:10b6:208:235::15) To MN2PR04MB6176.namprd04.prod.outlook.com
 (2603:10b6:208:e3::13)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [IPv6:2604:6000:b407:7f00:4d7:217c:b95e:420c]
 (2604:6000:b407:7f00:4d7:217c:b95e:420c) by
 MN2PR20CA0046.namprd20.prod.outlook.com (2603:10b6:208:235::15) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.21 via Frontend
 Transport; Thu, 5 Nov 2020 23:41:18 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: bfb29589-8f40-43df-af00-08d881e44aec
X-MS-TrafficTypeDiagnostic: MN2PR04MB5967:
X-Microsoft-Antispam-PRVS: <MN2PR04MB5967165EC7EC7A1CB9167BA1D8EE0@MN2PR04MB5967.namprd04.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Zg1qSG18tVoLzKYCukEaviafBuY/nThsVpfsdpuD1quXJc9yitWW/IsvlIf1ImDVgRm4ivyPEOcyfsL4VFePYDWSBr2NDg8cq6Vtgc1y0CnPgx9TYOOfdjPsq5SX1zyIemrGyeV/mJk0rfr0MxaZa5SBLgvXnVxkC7oVZDdyHHD85sd3sZB05j1m2NOaea0qLObhxH24u3ff14WQ5QyBEI9hn6hn9JqayDyc4eaRj58uzv8dpy3UBB34ID0ma7wD0upDSdcnixHWstKeuP0fJItvPpaAkXxTyymyEay8OwDxbG+V0yVUQsxvbn38DAW8KJlZYA590p8VeRS61+nb+g73PA18xZa/z36wTjwOUrllNt8bG10zfaMv/LuUjnDX
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:MN2PR04MB6176.namprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(396003)(376002)(136003)(39860400002)(346002)(366004)(186003)(52116002)(66476007)(8676002)(53546011)(5660300002)(6486002)(66556008)(75432002)(31686004)(478600001)(8936002)(66946007)(16526019)(31696002)(36756003)(786003)(2616005)(83380400001)(7116003)(316002)(2906002)(6916009)(86362001)(43740500002);
 DIR:OUT; SFP:1102; 
X-MS-Exchange-AntiSpam-MessageData: 6Nfs+NmLMH1tZtfOICTBmJdYAkm31n7OSdIMe3oyb5VsyR3drFG/+Em3AJGTej0vDOTvia+NpN7kttVqtAs0RM4bpBoYN4xLqisLcYdBHBS3UEc82RyHzspQF/ZZKtKLH7XmC0yh06Gce+BkD4c4MLeZF/gW1/2/04/TMcCAq+59GD0BJ2r/T4NBDslT3QLRVIfu15wSlz92mrb6Kv+9iwQevuE8h7oJz8WdII7Q2JOQene6ngqxaOxrqiAd4CWTSWrC7zNr+ZmogoEA1ucqtMXLjoK/8y9nmMPgwzq9MYJZnkpy0DdWmOmep2fKvsd7hpcrbYkzTE3lNwQWL3gGWxCiUffJae0aQEF2jH47kub68k3MuOIYKM59ldem6zykaW0pdASVqIdw8CIcGe/PgdVO+gQBt1zkD7xHSKB+9ooVOwKgkqkKuC4RJifPxBlXjRZszbxll21N9CyyzdHIzndtqEjgnWzNWUkHp9LWNiXpZeWjdKfTgZ1LdL5JfmEIC3SnTYFlZI7vrQqu5yVv6od3AlgzLJtmfIk654Sd/dnKh08jV+epsbunA57SMptnUkVN+3ZIPwqIoilDT9ybXf3R0SYvkoU3r7Zg3JIkRS0cFCLTlfqbXsxL9IYeV95y4DJ3bQj/7s9gLbOcFryN1461dtUke5Kjb9UqhqGvRiIJc66AevqB1JjnREZT5HZt+p0FPjYkmftJFzodJAu+Ag==
X-OriginatorOrg: cornell.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: bfb29589-8f40-43df-af00-08d881e44aec
X-MS-Exchange-CrossTenant-AuthSource: MN2PR04MB6176.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Nov 2020 23:41:18.4236 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5d7e4366-1b9b-45cf-8e79-b14b27df46e1
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 1zqK18Gi4rsQdUls7homd047RSNzimzJY4dfE2SviHq3ZTJ7VKSmoRwpVCPROtob7wA2jFq0OhaTUEqUssFdFA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB5967
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, MSGID_FROM_MTA_HEADER, NICE_REPLY_A,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: cygwin-developers@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin core component developers mailing list
 <cygwin-developers.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-developers>,
 <mailto:cygwin-developers-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-developers/>
List-Post: <mailto:cygwin-developers@cygwin.com>
List-Help: <mailto:cygwin-developers-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-developers>,
 <mailto:cygwin-developers-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2020 23:41:21 -0000

On 11/5/2020 12:21 PM, Corinna Vinschen wrote:
> On Nov  5 09:23, Ken Brown via Cygwin-developers wrote:
>> OK, here's how I imagine this working:
>>
>> A process wants to send a file descriptor fd, so it creates a msghdr with an
>> SCM_RIGHTS cmsghdr and calls sendmsg.  The latter creates and sends an admin
>> packet A containing the fhandler for fd, and then it sends the original
>> packet P.
>>
>> At the receiving end, recvmsg sees packet A first (recvmsg is always
>> checking for admin packets anyway whenever it's called).  It stores the
>> fhandler somewhere.  When it then reads packet P, it retrieves the stored
>> fhandler, fiddles with it (duplicating handles, etc.), and creates the new
>> file descriptor.
> 
> Actually, this needs to be implemented in a source/dest-independent
> manner.  Only the server of the named pipe can impersonate the client.
> So the server side should do the job of duplicating the handles.  If the
> sever is also the source of SCM_RIGHTS, it should send the fhandler with
> already duplicated handles.

The only example of pipe client impersonation I can find in the Cygwin code is 
in fhandler_pty_master::pty_master_thread.  Is this a good model to follow?  If 
not, can you point me to other examples somewhere?

AFAICT, the only reason for the impersonation is to check that the client has 
appropriate permissions before trying to duplicate handles from the server 
process to the client process.  Is that right?  What would go wrong if we didn't 
check this?  Is the issue that the client process would have handles that it 
can't access?

Ken