Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

On Oct 13 10:20, Corinna Vinschen wrote: On Oct 13 07:37, Christian Franke wrote: Corinna Vinschen wrote: On Oct 10 20:04, Corinna Vinschen wrote: In short, the whole code is written under the assumption that any sane application calling nonblocking connect would always call select/poll

Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

On Oct 10 20:04, Corinna Vinschen wrote: On Oct 10 18:36, Christian Franke wrote: After a nonblocking connect(), postfix calls poll() with pollfd.events = POLLIN only. If poll() succeeds, it calls recv(). This fails with ENOTCONN because the state is still connect_pending. Oh. So it

Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

On Oct 9 20:21, Christian Franke wrote: Corinna Vinschen wrote: +int +fhandler_socket::af_local_set_no_getpeereid () +{ + if (get_addr_family () != AF_LOCAL || get_socket_type () != SOCK_STREAM) +{ + set_errno (EINVAL); + return -1; +} + if (connect_state () !=

Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

Corinna Vinschen wrote: I was just looking into applying your patch when I got thinking over the change in select.cc once more. You're setting the connect_state from connect_pending to connected there when there's something to read on the socket. This puzzles me. A completed connection

Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

On Oct 10 18:36, Christian Franke wrote: Corinna Vinschen wrote: I was just looking into applying your patch when I got thinking over the change in select.cc once more. You're setting the connect_state from connect_pending to connected there when there's something to read on the socket.

Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

Hi Christian, On Sep 25 14:40, Christian Franke wrote: This is a workaround for this problem which blocks ITP postfix: https://cygwin.com/ml/cygwin/2014-08/msg00420.html With the patch, this disables the secret+cred handshakes of the AF_UNIX emulation: int sd = socket(AF_UNIX,

Re: [PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

Corinna Vinschen wrote: +int +fhandler_socket::af_local_set_no_getpeereid () +{ + if (get_addr_family () != AF_LOCAL || get_socket_type () != SOCK_STREAM) +{ + set_errno (EINVAL); + return -1; +} + if (connect_state () != unconnected)

[PATCH] Disable AF_UNIX handshake with setsockopt(..., SO_PEERCRED, ...)

This is a workaround for this problem which blocks ITP postfix: https://cygwin.com/ml/cygwin/2014-08/msg00420.html With the patch, this disables the secret+cred handshakes of the AF_UNIX emulation: int sd = socket(AF_UNIX, SOCK_STREAM, 0); setsockopt(sd, SOL_SOCKET, SO_PEERCRED, NULL, 0);