AF_UNIX status report
Thu Oct 29 21:53:33 GMT 2020
On 2020-10-29 13:19, Ken Brown via Cygwin-developers wrote:
> On 10/27/2020 5:43 AM, Corinna Vinschen wrote:
>> On Oct 26 18:04, Ken Brown via Cygwin-developers wrote:
>>> I've made at least rudimentary implementations of all the
>>> fhandler_socket_unix functions (including those in select.cc) for which
>>> there were previously only placeholders.
>>> I've pushed everything to topic/af_unix, including a merge with
>>> master as of
>>> a couple days ago.
>>> I've cobbled together a few test programs and put them in
>>> winsup/cygwin/socket_tests on the topic/af_unix branch. I haven't
>>> taken the
>>> time to automate the tests, so they all have to be run
>>> interactively. There
>>> is a Makefile to build the test programs and a README.txt that shows
>>> how to
>>> run them.
>>> One thing I haven't yet done is to think about (or systematically test)
>>> datagram sockets. I'm sure there's quite a bit of code that won't
>>> work for
>>> Aside from datagram sockets, there are still a few things that I'm
>>> on, but I'm close to the point where I could use some input:
>>> 1. I've littered the code in fhandler_socket_unix.cc and select.cc with
>>> FIXME comments on which I'd like advice.
>> I'll look into it.
>>> 2. I haven't given any thought at all as to how to implement SCM_RIGHTS
>>> ancillary data. I could definitely use suggestions on that before I
>>> thrashing around.
>> I have only vague ideas at that point. Assuming we can replace the
>> socket implemantation with the pipe implementation, what we have is a
>> pipe which can impersonate the peer at least from the server side, and
>> it knows the client process. This in turn can be used to duplicate
>> handles. So what we could do is to define fhandler methods which create
>> a matching serialization and deserialization of the fhandler data, plus
>> duplicating the handles for the other process, sent over the pipe as
>> admin package. This must work in either direction, regardless if the
>> server or the client sends the SCM_RIGHTS block.
> This sounds reasonable.
> I have no experience with serialization. Do you happen to know of a
> good example that I could look at?
I have experience building a secure implementation of SCM_RIGHTS type
functionality over named pipe on Windows. This is not a small amount of
code if you want to handle processes running as different users or
privilege levels, and if you don't want to be a source of security
You might consider building an implementation of SCM_RIGHTS that is only
expected to work for processes running as the same user and privilege
level. At least this would be a good starting point. This would cover
the requirements of some unix code bases that use SCM_RIGHTS , and
avoids significant security issues and complexity.
More information about the Cygwin-developers