Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets
From: Stephen Smalley <hidden>
Date: 2003-12-16 13:47:31
Possibly related (same subject, not in this thread)
- 2003-12-16 · Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets · Chris Wright <hidden>
- 2003-12-13 · Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets · James Morris <hidden>
- 2003-12-13 · Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets · Chris Wright <hidden>
- 2003-12-12 · Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets · James Morris <hidden>
- 2003-12-10 · Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets · David S. Miller <hidden>
On Tue, 2003-12-16 at 08:19, James Morris wrote:
It's not reliable: the required buffer size could change between calls. Do you know of any examples of syscalls which do this?
getxattr(2). From the man page:
An empty buffer of size zero can be passed into these calls to return
the current size of the named extended attribute, which can be used to
estimate the size of a buffer which is sufficiently large to hold the
value associated with the extended attribute.
The interface is designed to allow guessing of initial buffer sizes,
and to enlarge buffers when the return value indicates that the buffer
provided was too small.
The SELinux getfilecon(3) function (libselinux/src/getfilecon.c) uses
getxattr(2) in this manner.
--
Stephen Smalley [off-list ref]
National Security Agency