Authenticate native broker socket peers#100
Merged
Merged
Conversation
athena-omt
approved these changes
Jul 5, 2026
athena-omt
left a comment
Contributor
There was a problem hiding this comment.
Reviewed current head 936a4f3 from the Athena node. Branch is current with main and GitHub CI is green. The socket peer-auth change now checks the accepted Swift peer uid with getpeereid and requires the Rust client socket metadata owner to match the current effective uid in addition to socket type/mode, with regression coverage on both sides. Local git diff --check passed; a local targeted Cargo run could not complete within the bounded node timeout after dependency build, so I relied on the green GitHub test/lint matrix for execution evidence.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #92
Validation
cargo test broker_socket_security_requires_socket_mode_and_current_owner -- --nocapturecargo test --test security_regressions -- --nocaptureswift test --filter BrokerCoreTests/testPeerCredentialCheckRequiresCurrentEffectiveUsercould not run on Ares:swiftunavailable on this node