Linux sockets should maybe pass effective UID/GID
For non-Linux sockets, libqb appears to use the effective UID/GID as the socket credentials, and given the member naming in struct qb_ipcc_connection (i.e. euid/egid), it seems that was the original intent as well.
However, for Linux sockets, libqb enables SO_PASSCRED when connecting, and qb_ipc_auth_creds() pulls the other side's credentials from SCM_CREDENTIALS. I believe libqb on the other side lets the credentials default, which the kernel will set to the user's real UID/GID. I think only root can set SCM_CREDENTIALS when connecting, so it might not be helpful in all cases, but it would be nice to use the effective UID/GID when possible.
For context, see this mailing list thread: https://www.mail-archive.com/[email protected]/msg10681.html
According to https://man7.org/linux/man-pages/man2/setreuid.2.html even unprivileged processes can set their real user ID to their effective user ID. I think this would also solve the original problem.
@kgaillot While you are undoubtedly right, I worry what would break if we were to change it now.
@chrissie-c, @wferi's comment gives me an alternative idea ... pacemaker's tools could make the effective ID the real ID before connecting.
@kgaillot I actually meant that the setuid wrapper written by the original poster could. I don't think the Pacemaker tools have any business manipulating these IDs.