Date: Tue, 8 Aug 2000 11:26:02 -0500
From: "William E. Baxter" <web@superscript.com>
To: freebsd-hackers@freebsd.org
Subject: getpeereid() syscall patch for FreeBSD 4.0
Message-ID: <20000808112602.A17676@zeus.superscript.com>

A patch implementing a getpeereid() syscall in FreeBSD 4.0 is available at

http://www.superscript.com/patches/freebsd_4_0.getpeereid

A local-domain server uses getpeereid() to obtain client credentials.

Based on getpeereid() I created ucspi-ipc, a local-domain analogue to Dan Bernstein's ucspi-tcp. The project came about after I read the "Wiping out setuid programs" discussion in the BugTraq archives. At present, ucspi-ipc runs on patched OpenBSD, patched FreeBSD, and on Linux kernels that support SO_PEERCRED with getsockopt().

Using ucspi-ipc, you can easily create local-domain client/server programs that allow privileged servers to act on behalf of nonprivileged clients. No setuid programs are required, and access is configurable, based on client user and group ID.

For ucspi-ipc documentation, links to the relevant background information, patches, and information about the ucspi mailing list, please visit the ucspi-ipc home page at

http://www.superscript.com/ucspi-ipc/intro.html

I'd like to see getpeereid(), or sufficient basis for it, incorporated into future FreeBSD releases, so that we can all use ucspi-ipc without the need for a kernel patch.

Regards,

W.