On Mon, Jan 29, 2024 at 08:25:29PM +0100, Paolo Bonzini wrote: > On Thu, Jan 25, 2024 at 5:38 PM Daniel P. Berrangé <berra...@redhat.com> > wrote: > > > +static void > > > +qio_channel_socket_get_peerpid(QIOChannel *ioc, > > > + unsigned int *pid, > > > + Error **errp) > > > +{ > > > +#ifdef CONFIG_LINUX > > > + QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc); > > > + Error *err = NULL; > > > + socklen_t len = sizeof(struct ucred); > > > + > > > + struct ucred cred; > > > + if (getsockopt(sioc->fd, > > > + SOL_SOCKET, SO_PEERCRED, > > > + &cred, &len) == -1) { > > > + error_setg_errno(&err, errno, "Unable to get peer credentials"); > > > + error_propagate(errp, err); > > > + } > > > + *pid = (unsigned int)cred.pid; > > > +#else > > > + *pid = 0; > > > > Defaulting 'pid' to 0 is potentially unsafe, because to a caller it > > now appears that the remote party is 'root' and thus implied to be > > a privileged account. > > This is a pid, so 0 cannot be confused; however, I agree that > returning an error is better.
Oops, face-palm!

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
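
Review bot: in the `getsockopt()` failure branch of `qio_channel_socket_get_peerpid()` there is no `return` after `error_propagate(errp, err);`, so control falls through to `*pid = (unsigned int)cred.pid;` and stores a value read from the uninitialised `struct ucred cred` while also reporting an error. Return right after setting the error, and consider changing the return type from `void` to `int` (0 on success, -1 on failure) so a caller can detect failure from the return value instead of relying only on `errp`. The local `Error *err` followed by `error_propagate()` can be replaced by passing `errp` straight to `error_setg_errno()`. In the `#else` branch, `*pid = 0;` still reports success without a real value; setting an error there, as agreed in the thread, keeps callers from acting on a placeholder.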