On 6 Jun 2025, at 1:42 AM, Jason Thorpe <thorpej%me.com@localhost> wrote:
On Jun 5, 2025, at 9:36 AM, Emmanuel Nyarko <emmankoko519%gmail.com@localhost> wrote:
Errmmm, I was thinking that it maybe becomes a default behavior.
I mean every socket should be owned by the process that the socket was created for.
This actually seems not that great. It’s de rigueur to have a more privileged process create a socket (or other sort of file descriptor) in a controlled fashion to pass off to a less-privileged process. This should be opt-in behavior on a per-file descriptor basis.
So what I want to get clear is that, if the root accepts a connection and gives that new(connect) socket to a less-privileged process, is it desirable that the new socket, given to the less-privileged process, still maintain a root so_cred? Even if I don’t do it as default and make it opt-in as we’ve agreed, do you consider the change a plausible one ?
So if 10 new non-root user processes are given a new ssh connection to handle, all their kernel socket should still maintain the so_cred as root ?
The listening socket is not part of the discussion as it should remain root its entire life because the servers listens on root.
A scoffer seeks wisdom in vain, but knowledge is easy for a man of understanding.
Emmanuel
|