Re: Socket credentials (take 2)

[Andrew Doran <ad%netbsd.org@localhost>]

On Sat, Apr 25, 2009 at 03:40:17AM +0300, Elad Efrat wrote:

> A while ago I proposed to add credentials to sockets. Looking back at
> the thread:
> 
>     http://mail-index.netbsd.org/tech-kern/2006/07/21/0002.html
> 
> I see there were no objections, yet the thread just died.

It leaves open questions, e.g. what should happen on accept(). The meaning
of the credential is somewhat fuzzy.
 
> I would like to add them now.
>
> Questions:
>   - Are there any locking considerations present today that weren't
>     when the diff was made, or are omitted in it?

+       kauth_cred_hold(l->l_proc->p_cred);
+       so->so_cred = l->l_proc->p_cred;

I know it is an old patch, but I have repeatedly pointed out that you can't
used p_cred without locking. l_cred should be used where the operation is
with reference to the caller.

.. and if it's not in the core kernel, kauth_cred_get(), to reduce
sensitivity to ABI changes.

>   - I think "struct uidinfo" is only a member of "struct socket".
>     Perhaps, if we put credentials in a socket, we can remove it from
>       there, remove the "ui_uid" member, and attach it to the socket's
>       credentials using kauth_cred_setdata()?

The uidinfo is used in performance critical paths.
What would it look like if it were changed?