Re: Extending sockcred

["Matthew Mondor" <mm_lists%pulsar-zone.net@localhost>]

On Monday, 7 Jul 2008 9:10:28
Iain Hibbert <plunky%rya-online.net@localhost> wrote:

> Perhaps you can make use of sbcreatecontrol() in that? (it might
> be morecomplex for the creds because the struct is variable length
> I don't know)

I didn't look into it yet, the original SCM_CREDS code didn't use it
either.  I'll check what sbcreatecontrol() does exactly.

> Also, I don't wish to be unduly dismissive but do you have a
> current need for this?  Although it is a minimal addition, if its
> not used by anything then perhaps it is likely to remain in the pr
> database.. does anything use LOCAL_PEEREID that could use this to
> better effect?

> hunting in-tree with grep gives me getpeereid(3) as the only
> usage, and this is in turn only used by openldap. heimdal and ssh
> *could* use it but currently don't seem to. All these are external
> programs that I guess use SOCK_STREAM and are unlikely to be
> changing to a NetBSD specific implementation.

The most likely candidate for LOCAL_PROC would be syslogd(8). 
Someone currently works on it to implement syslog-tls which is a good
start.  Once SoC ends I'll probably look at the results.  If tls/ssl
and potentially signing solves most of the security problems with
syslogd, there will remain for syslogd to prevent local spoofing by
i.e. providing a way to mark lines as trusted, i.e. those lines in
which syslogd would insert the true host/uid/pid of the log message
origin.

If syslogd knows the uid/pid/pgid of callers, it could also be
adapted to rate-limit sanely based on their source.  Currently the
only thing  syslogd does is prevent repetition of continous identical
lines.

For now, I added the relevant links to
https://ginseng.pulsar-zone.net/bookmarks/bookmarks_public.php#f1503
and will review this once the SoC is over.

Thanks,
-- 
Matthew Mondor