unix domain socket security and PID retrieval
Zane C.B.
v.velox at vvelox.net
Mon Feb 4 14:21:02 UTC 2008
On Mon, 4 Feb 2008 12:54:44 +0100
"Heiko Wundram (Beenic)" <wundram at beenic.net> wrote:
> Am Montag, 4. Februar 2008 11:30:21 schrieb Zane C.B.:
> > Been starting to look into writing some stuff that uses unix
> > domain sockets, but I've been running into the problem of
> > figuring out what the calling PID is on the other end.
> >
> > Any suggestions on where I should begin to look?
> >
> > As it currently stands, I am looking at doing this with perl.
>
> Check out man 3 sendmsg and man 3 recvmsg (which should be wrapped
> in Perl in some way or another), and passing SCM_CREDS messages
> between the two processes. The SCM_CREDS message is filled in my
> the kernel, so there's no way (unless the other side is "root") to
> spoof the credentials information.
>
> This requires that the sending end willingly sends SCM_CREDS (and
> the receiver uses recvmsg to query for it), and sends at least one
> byte of data along with the ancilliary message.
I've come across that mentioned in unix(4). There is no support for
it in regards to Perl. Another problem is it requires support for
that on both ends.
More and more it looks like getting either PID and/or user info about
the other process connecting up to it is impossible, with out writing
some sort of authentication system for the two to use or both ends
have to support the LOCAL_CREDS stuff.
More information about the freebsd-questions
mailing list