kern/180468: LOCAL_PEERCRED support for PF_INET
Nicholas Wilson
nicholas at nicholaswilson.me.uk
Thu Jul 11 14:10:00 UTC 2013
>Number: 180468
>Category: kern
>Synopsis: LOCAL_PEERCRED support for PF_INET
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 11 14:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Nicholas Wilson
>Release: 9.1-RELEASE
>Organization:
>Environment:
>Description:
It would be very nice if inet connections over loopback supported LOCAL_PEERCRED. On Solaris, when you make a connection over a loopback device, getpeerucred "just works" and gives you the pid and uid of the connecting process on the local system.
This could be used to easily enhance the security of programs like OpenSSH: the ssh-agent uses a domain socket with getpeereid to verify the identity of connecting users, but if I run "ssh -D localhost:9999 ..." it runs an inet listener that any user can connect to. Being able to use the same credentials check here would be handy and plug a gap in our API.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list