> On 6 Jun 2025, at 1:42 AM, Jason Thorpe <thor...@me.com> wrote:
>
>> On Jun 5, 2025, at 9:36 AM, Emmanuel Nyarko <emmankoko...@gmail.com> wrote:
>>
>> Errmmm, I was thinking that it maybe becomes a default behavior.
>>
>> I mean every socket should be owned by the process that the socket was
>> created for.
>
> This actually seems not that great. It’s de rigueur to have a more
> privileged process create a socket (or other sort of file descriptor) in a
> controlled fashion to pass off to a less-privileged process. This should be
> opt-in behavior on a per-file descriptor basis.

So what I want to get clear is that, if the root accepts a connection and gives that new (connect) socket to a less-privileged process, is it desirable that the new socket, given to the less-privileged process, still maintains a root so_cred?

Even if I don’t do it as default and make it opt-in as we’ve agreed, do you consider the change a plausible one?

So if 10 new non-root user processes are given a new ssh connection to handle, all their kernel sockets should still maintain the so_cred as root?

The listening socket is not part of the discussion as it should remain root its entire life because the server listens on root.

>
> -- thorpej
>

A scoffer seeks wisdom in vain, but knowledge is easy for a man of understanding.

Emmanuel
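
The handoff discussed in this thread, as an added example that is not part of the original messages or of any kernel source: a process holding a connected socket passes it to a worker over a UNIX-domain channel with SCM_RIGHTS, and the worker ends up with a descriptor for the same kernel socket object the creator made, which is where the question of whose credential that object carries comes from. The names `send_fd`, `recv_fd` and `handoff_demo` are hypothetical, one end of a socketpair stands in for the accepted connection, and both processes run as the same user so the code runs unprivileged.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

union ctl { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; };

/* Pass descriptor fd over the UNIX-domain channel chan using SCM_RIGHTS. */
static int send_fd(int chan, int fd) {
    union ctl u = { { 0 } };
    struct iovec iov = { (void *)"F", 1 };   /* one payload byte carries the cmsg */
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &m, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor from chan; returns it, or -1 if none arrived. */
static int recv_fd(int chan) {
    char byte;
    union ctl u;
    int fd = -1;
    struct iovec iov = { &byte, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &m, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

int handoff_demo(void) {  /* returns 0 if the worker read from the passed socket */
    int chan[2], conn[2], st = -1;  /* conn[1]: constructed stand-in for an accept()ed socket */
    char buf[4];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, conn)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* worker: a real one has dropped privileges by now */
        close(chan[0]); close(conn[0]); close(conn[1]);  /* keep no inherited copy */
        int fd = recv_fd(chan[1]);
        _exit(fd >= 0 && read(fd, buf, 4) == 4 && !memcmp(buf, "ping", 4) ? 0 : 1);
    }
    int ok = send_fd(chan[0], conn[1]) == 0 && write(conn[0], "ping", 4) == 4;
    close(chan[0]); close(chan[1]); close(conn[0]); close(conn[1]);
    return waitpid(pid, &st, 0) == pid && ok && WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
```

The worker closes its inherited copies first, so the only way it can read the peer's bytes is through the descriptor it received.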