On Sun, Apr 08, 2018 at 07:10:27AM +0200, Sebastien Marie wrote:
> I think it is the more simple way to achieve it. Moving the related code
> from unp_connect() to unp_connect2() should be possible (only few direct
> callers of {so,unp_}connect2() ), but unp_connid will not be copied on
> the two sockets.

This is a layer violation. The socket layer does not know that the domain is AF_UNIX. You must check that before calling sotounpcb().

I think it would be best to implement this in unp_connect2().

sogetopt(SO_PEERCRED) also does a layer violation, but at least it checks for AF_UNIX.

bluhm