On Fri, Jun 06, 2025 at 07:33:37AM +0000, Emmanuel Nyarko wrote:
> 
> > On 5 Jun 2025, at 11:12 PM, Thor Lancelot Simon <t...@panix.com> wrote:
> > 
> > What will happen when a socket changes hands by file descriptor passing
> > over a Unix domain socket?
> 
> But the reason I want to add this support is for NPF to be able to give a
> user based security to Unix servers in network layer. Like being able to
> allow or deny certain users on a server from giving out resources. So maybe
> for now, even if I'm doing it as opt-in, I can still exempt UDS from it
> because I don't think it will add anything to Unix Domain Sockets

I don't think you understand.  I can accept a TCP connection on an AF_INET
socket, then take the resulting file descriptor and transfer it to a
completely unrelated process using a control message on an AF_UNIX socket.
That process can be owned by a different user.  What do you intend to happen
to the AF_INET socket that is passed in this way?
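
The hand-off asked about above, as an added C example that is not part of the original thread: a descriptor travels as `SCM_RIGHTS` ancillary data over an AF_UNIX socket pair to a process that never opened it, and the process that opened it then closes its copy. The function names are hypothetical, and the receiver here is a forked child running under the same uid; in the case the message raises it can be an unrelated process owned by another user.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* One-byte message plus a control buffer sized for a single SCM_RIGHTS descriptor. */
struct fdmsg { struct msghdr m; struct iovec iov; char byte;
    union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } u; };
static struct cmsghdr *fdmsg_init(struct fdmsg *f) {
    memset(f, 0, sizeof *f);
    f->iov.iov_base = &f->byte; f->iov.iov_len = 1;
    f->m.msg_iov = &f->iov; f->m.msg_iovlen = 1;
    f->m.msg_control = f->u.buf; f->m.msg_controllen = sizeof f->u.buf;
    return CMSG_FIRSTHDR(&f->m);
}

/* Sender: attach fd to the message on the AF_UNIX socket chan. */
static int send_fd(int chan, int fd) {
    struct fdmsg f;
    struct cmsghdr *c = fdmsg_init(&f);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &f.m, 0) == 1 ? 0 : -1;
}

/* Receiver: returns a new descriptor for the same open socket, or -1. */
static int recv_fd(int chan) {
    struct fdmsg f; int fd = -1;
    struct cmsghdr *c = fdmsg_init(&f);
    if (recvmsg(chan, &f.m, 0) != 1 || !(c = CMSG_FIRSTHDR(&f.m))) return -1;
    if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Pass sock to a forked receiver; return the address family the receiver sees. */
int family_seen_by_receiver(int sock) {
    int sv[2], st = 0; pid_t pid;
    struct sockaddr_storage ss; socklen_t len = sizeof ss;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                  /* receiver: in practice any process, any uid */
        close(sv[0]); close(sock);   /* drop fork-inherited copies; only the passed fd counts */
        int got = recv_fd(sv[1]);
        _exit(got >= 0 && !getsockname(got, (void *)&ss, &len) ? ss.ss_family : 255);
    }
    send_fd(sv[0], sock);
    close(sv[0]); close(sv[1]); close(sock);  /* the opener keeps no copy of the socket */
    waitpid(pid, &st, 0);
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
```

Calling `family_seen_by_receiver()` on a descriptor returned by `accept()` on an AF_INET listener gives the case from the message: the receiver ends up holding the only reference to a TCP socket it did not create.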
