unix domain socket security and PID retrieval

Heiko Wundram (Beenic) wundram at beenic.net
Mon Feb 4 11:53:22 UTC 2008


On Monday, 4 February 2008 11:30:21, Zane C.B. wrote:
> Been starting to look into writing some stuff that uses unix domain
> sockets, but I've been running into the problem of figuring out what
> the calling PID is on the other end.
>
> Any suggestions on where I should begin to look?
>
> As it currently stands, I am looking at doing this with perl.

Check out man 3 sendmsg and man 3 recvmsg (which should be wrapped in Perl in
some way or another), and passing SCM_CREDS messages between the two
processes. The SCM_CREDS message is filled in by the kernel, so there's no
way (unless the other side is "root") to spoof the credentials information.

This requires that the sending end willingly sends SCM_CREDS (and the receiver
uses recvmsg to query for it), and sends at least one byte of data along with
the ancillary message.

-- 
Heiko Wundram
Product & Application Development

