Date: Tue, 8 Aug 2000 09:35:28 -0700 From: Alfred Perlstein <bright@wintelcom.net> To: "William E. Baxter" <web@superscript.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: getpeereid() syscall patch for FreeBSD 4.0 Message-ID: <20000808093527.D4854@fw.wintelcom.net> In-Reply-To: <20000808112602.A17676@zeus.superscript.com>; from web@superscript.com on Tue, Aug 08, 2000 at 11:26:02AM -0500 References: <20000808112602.A17676@zeus.superscript.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* William E. Baxter <web@superscript.com> [000808 09:27] wrote: > A patch implementing a getpeereid() syscall in FreeBSD 4.0 is > available at > > http://www.superscript.com/patches/freebsd_4_0.getpeereid > > A local-domain server uses getpeereid() to obtain client credentials. > Based on getpeereid() I created ucspi-ipc, a local-domain analogue to > Dan Bernstein's ucspi-tcp. The project came about after I read the > "Wiping out setuid programs" discussion the the BugTraq archives. At > present, ucspi-ipc runs on patched OpenBSD, patched FreeBSD, and on > Linux kernels that support SO_PEERCRED with getsockopt(). I haven't used the credential passing feature of sendmsg(), but I was wondering what advantages this has over being able to pass kernel verified id's through a unix domain socket using SCM_CREDS. My reading of UNP seems to indicate that it offers the same features. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000808093527.D4854>