Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets

From: Stephen Smalley (sds@private)
Date: Tue Dec 16 2003 - 05:47:31 PST


    On Tue, 2003-12-16 at 08:19, James Morris wrote:
    > It's not reliable: the required buffer size could change between calls.  
    > Do you know of any examples of syscalls which do this?
    
    getxattr(2).  From the man page:
    
           An empty buffer of size zero can be passed into these calls to return
           the current size of the named extended attribute, which can be used to
           estimate the size of a buffer which is sufficiently large to hold the
           value associated with the extended attribute.

           The interface is designed to allow guessing of initial buffer sizes,
           and to enlarge buffers when the return value indicates that the buffer
           provided was too small.
    
    The SELinux getfilecon(3) function (libselinux/src/getfilecon.c) uses
    getxattr(2) in this manner.
    
    -- 
    Stephen Smalley <sds@private>
    National Security Agency
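
Added example (not part of the original message, and not the libselinux code): the probe-then-read pattern the quoted man page describes, with the retry that covers the value's size changing between the two calls. `read_value`, `xattr_get`, `racy_get` and the sample context strings are constructed for illustration; Linux `getxattr(2)` is assumed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* getxattr(2) contract: size 0 returns the current length; a buffer
 * that is too small fails with -1 and errno == ERANGE. */
typedef ssize_t (*get_fn)(void *ctx, void *buf, size_t size);

/* Probe, allocate, read; ERANGE means the value grew between the two
 * calls, so probe again. Returns a malloc'd NUL-terminated copy. */
char *read_value(get_fn get, void *ctx, ssize_t *len)
{
    char *buf = NULL, *tmp;
    for (int tries = 0; tries < 8; tries++) {   /* bounded retries */
        ssize_t need = get(ctx, NULL, 0);
        if (need < 0) break;
        size_t cap = (size_t)need + 1;  /* never 0: size 0 means "probe" */
        if (!(tmp = realloc(buf, cap + 1))) break;  /* +1 for the NUL */
        buf = tmp;
        ssize_t got = get(ctx, buf, cap);
        if (got >= 0) { buf[got] = '\0'; *len = got; return buf; }
        if (errno != ERANGE) break;     /* a real error, not a race */
    }
    free(buf);
    return NULL;                        /* errno holds the last failure */
}

/* Real source: ctx is a {path, attribute name} pair. */
ssize_t xattr_get(void *ctx, void *buf, size_t size)
{
    const char **a = ctx;
    return getxattr(a[0], a[1], buf, size);
}

/* Constructed source: the value is replaced after the first call. */
struct racy { const char *before, *after; int calls; };
ssize_t racy_get(void *ctx, void *buf, size_t size)
{
    struct racy *r = ctx;
    const char *v = r->calls++ ? r->after : r->before;
    size_t n = strlen(v);
    if (size == 0) return (ssize_t)n;
    if (size < n) { errno = ERANGE; return -1; }
    memcpy(buf, v, n);
    return (ssize_t)n;
}
```

With `racy_get`, the first read fails with `ERANGE` because the value grew after the probe, and the second probe-and-read pair returns the longer value.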
    


