Re: Proposal to automatically make the owner/user of an accepted socket the current process

[Greg Troxel <gdt%lexort.com@localhost>]

Thor Lancelot Simon <tls%panix.com@localhost> writes:

> On Fri, Jun 06, 2025 at 07:33:37AM +0000, Emmanuel Nyarko wrote:
>> 
>> > On 5 Jun 2025, at 11:12???PM, Thor Lancelot Simon <tls%panix.com@localhost> wrote:
>> > 
>> > What will happen when a socket changes hands by file descriptor passing
>> > over a Unix domain socket?
>> 
>> But the reason is I want to add this support is for NPF to be able
>> to give a user based security to Unix servers in network layer. Like
>> being able to allow or deny certain users on a server from giving
>> out resources. so maybe for now, even if I???m doing it as opt-in, I
>> can still exempt UDS from it because I don???t think it will add
>> anything to Unix Domain Sockets
>
> I don't think you understand.  I can accept a TCP connection on an AF_INET
> socket, then take the resulting file descriptor and transfer it to a
> completely unrelated process using a control message on an AF_UNIX socket.
> That process can be owned by a different user.  What do you intend to happen
> to the AF_INET socket that is passed in this way?

A fair question, but in the current code, what does it mean for an
AF_INET socket to have an owner?

It may be that the firewall rules should be based on the process's
uid/gid, and that the concept of sockets having owners is just a red herring.