From 6c487efe74adb5c29f7bee5bd51b3ebef4968f7d Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 30 Sep 2008 15:09:06 -0400 Subject: [PATCH] Fix getpeereid getpeereid fails because it uses an incorrect getsockopt call to obtain the peer credentials on a AF_LOCAL socket. This in turn will cause all RPC services to be registered with rpcbind to show up as having been registered by "unknown". This has a serious impact on security - a service owned by "unknown" can essentially be unregistered (and thus replaced) by anyone. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/getpeereid.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/getpeereid.c b/src/getpeereid.c index 9207d9d..57ee197 100644 --- a/src/getpeereid.c +++ b/src/getpeereid.c @@ -41,7 +41,7 @@ getpeereid(int s, uid_t *euid, gid_t *egid) int error; uclen = sizeof(uc); - error = getsockopt(s, 0, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */ + error = getsockopt(s, SOL_SOCKET, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */ if (error != 0) return (error); // if (uc.cr_version != XUCRED_VERSION) -- 1.5.6