unix domain socket security and PID retrieval
Zane C.B.
v.velox at vvelox.net
Mon Feb 4 19:37:44 UTC 2008
On Mon, 4 Feb 2008 15:36:30 +0100
"Heiko Wundram (Beenic)" <wundram at beenic.net> wrote:
> Am Montag, 4. Februar 2008 15:21:52 schrieb Zane C.B.:
> > I've come across that mentioned in unix(4). There is no support
> > for it in regards to Perl. Another problem is it requires support
> > for that on both ends.
> >
> > More and more it looks like getting either PID and/or user info
> > about the other process connecting up to it is impossible, with
> > out writing some sort of authentication system for the two to use
> > or both ends have to support the LOCAL_CREDS stuff.
>
> I cannot believe that this doesn't exist for Perl (everything
> exists for Perl in one way or another...), and anyway, a quick
> search on CPAN found this, which looks as though it's (at least
> part of) what you're looking for:
>
> http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm
>
> Finally, thinking back to the last time I used SCM_CREDS on Linux
> (which is a loooong time ago), I'm not even sure that the sender
> has to send an SCM_CREDS message (which would invalidate my former
> reply); I think it's enough if the receiver requests to get one
> (which will be filled in by the kernel), see the description in the
> referenced page above which shows you how to set up the
> corresponding recvmsg call.
>
> Sending one is only required in case the sender is root and wants
> to spoof it's credentials to the remote process (IIRC).
Thanks. I did not think to try a search for that. I was trying
various combinations involving the word unix and socket.
I've gotten it installed now and will post with how it works out.
More information about the freebsd-questions
mailing list