Re: [PATCH] rust: task: clarify comments on task UID accessors

Next message: Dmitry Baryshkov: "Re: [PATCH v2] arm64: dts: qcom: milos-fairphone-fp6: Add Hall Effect sensor"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2 5/6] arm64: dts: qcom: milos: Add UFS nodes"
In reply to: Alice Ryhl: "Re: [PATCH] rust: task: clarify comments on task UID accessors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jann Horn

Date: Fri Feb 13 2026 - 16:13:32 EST

On Fri, Feb 13, 2026 at 3:43 PM Jann Horn <jannh@xxxxxxxxxx> wrote:
> I agree with that; I don't know what that failing test was. (Todd
> would probably know.) My understanding is:
>
> In the current version, the ->sender_euid reported to a transaction's
> recipient is the EUID of the sending process *at the time the
> transaction is received by the recipient*. (This is wrong if the
> sending process changed credentials after sending the transaction, and
> especially dangerous if the sending process went through a setuid
> execution in the meantime.)

Sorry, looks like I didn't read carefully enough when I was writing my
last mail, and I forgot the details since I last really looked at
this...
What I wrote above is wrong.

In current binder (both C and Rust versions), the ->sender_euid
reported to the recipient is the current EUID of the main thread of
the process that opened /dev/binder, recorded at the time the
transaction is sent.

In C binder, I believe there is no check that the thread actually
making the transaction is part of the process that opened /dev/binder;
Rust binder checks for this in get_current_thread().