unix domain socket security and PID retrieval
Heiko Wundram (Beenic)
wundram at beenic.net
Mon Feb 4 11:53:22 UTC 2008
On Monday, 4 February 2008 11:30:21, Zane C.B. wrote:
> Been starting to look into writing some stuff that uses unix domain
> sockets, but I've been running into the problem of figuring out what
> the calling PID is on the other end.
>
> Any suggestions on where I should begin to look?
>
> As it currently stands, I am looking at doing this with perl.
Check out man 3 sendmsg and man 3 recvmsg (which should be wrapped in Perl in
some way or another), and passing SCM_CREDS messages between the two
processes. The SCM_CREDS message is filled in by the kernel, so there's no
way (unless the other side is "root") to spoof the credentials information.
This requires that the sending end willingly sends SCM_CREDS (and the receiver
uses recvmsg to query for it), and sends at least one byte of data along with
the ancillary message.
--
Heiko Wundram
Product & Application Development