unix domain socket security and PID retrieval
Heiko Wundram (Beenic)
wundram at beenic.net
Mon Feb 4 14:35:09 UTC 2008
Am Montag, 4. Februar 2008 15:21:52 schrieb Zane C.B.:
> I've come across that mentioned in unix(4). There is no support for
> it in regards to Perl. Another problem is it requires support for
> that on both ends.
>
> More and more it looks like getting either PID and/or user info about
> the other process connecting up to it is impossible, with out writing
> some sort of authentication system for the two to use or both ends
> have to support the LOCAL_CREDS stuff.
I cannot believe that this doesn't exist for Perl (everything exists for Perl
in one way or another...), and anyway, a quick search on CPAN found this,
which looks as though it's (at least part of) what you're looking for:
http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm
Finally, thinking back to the last time I used SCM_CREDS on Linux (which is a
loooong time ago), I'm not even sure that the sender has to send an SCM_CREDS
message (which would invalidate my former reply); I think it's enough if the
receiver requests to get one (which will be filled in by the kernel), see the
description in the referenced page above which shows you how to set up the
corresponding recvmsg call.
Sending one is only required in case the sender is root and wants to spoof
it's credentials to the remote process (IIRC).
--
Heiko Wundram
Product & Application Development
More information about the freebsd-questions
mailing list