Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets

From: Stephen Smalley (sds@private)
Date: Tue Dec 16 2003 - 05:47:31 PST

  • Next message: Chris Wright: "Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets" 

    On Tue, 2003-12-16 at 08:19, James Morris wrote:
> It's not reliable: the required buffer size could change between calls.  
> Do you know of any examples of syscalls which do this?

getxattr(2).  From the man page:

       An empty buffer of size zero can be passed into these calls  to  return
       the  current size of the named extended attribute, which can be used to
       estimate the size of a buffer which is sufficiently large to  hold  the
       value associated with the extended attribute.
                                                                                
       The  interface  is  designed to allow guessing of initial buffer sizes,
       and to enlarge buffers when the return value indicates that the  buffer
       provided was too small.

The SELinux getfilecon(3) function (libselinux/src/getfilecon.c) uses
getxattr(2) in this manner.

-- 
Stephen Smalley <sds@private>
National Security Agency

    This archive was generated by hypermail 2b30 : Tue Dec 16 2003 - 05:48:36 PST