unix domain socket security and PID retrieval
v.velox at vvelox.net
Mon Feb 4 20:17:08 UTC 2008
On Mon, 4 Feb 2008 13:38:37 -0600
"Zane C.B." <v.velox at vvelox.net> wrote:
> On Mon, 4 Feb 2008 15:36:30 +0100
> "Heiko Wundram (Beenic)" <wundram at beenic.net> wrote:
> > Am Montag, 4. Februar 2008 15:21:52 schrieb Zane C.B.:
> > > I've come across that mentioned in unix(4). There is no support
> > > for it in regards to Perl. Another problem is it requires
> > > support for that on both ends.
> > >
> > > More and more it looks like getting either PID and/or user info
> > > about the other process connecting up to it is impossible, with
> > > out writing some sort of authentication system for the two to
> > > use or both ends have to support the LOCAL_CREDS stuff.
> > I cannot believe that this doesn't exist for Perl (everything
> > exists for Perl in one way or another...), and anyway, a quick
> > search on CPAN found this, which looks as though it's (at least
> > part of) what you're looking for:
> > http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm
> > Finally, thinking back to the last time I used SCM_CREDS on Linux
> > (which is a loooong time ago), I'm not even sure that the sender
> > has to send an SCM_CREDS message (which would invalidate my former
> > reply); I think it's enough if the receiver requests to get one
> > (which will be filled in by the kernel), see the description in
> > the referenced page above which shows you how to set up the
> > corresponding recvmsg call.
> > Sending one is only required in case the sender is root and wants
> > to spoof it's credentials to the remote process (IIRC).
> Thanks. I did not think to try a search for that. I was trying
> various combinations involving the word unix and socket.
> I've gotten it installed now and will post with how it works out.
I can say it installs mostly fine. A few tests do not pass. I am
still working on getting a working test script with it.
More information about the freebsd-questions