Date: Mon, 4 Feb 2008 14:16:33 -0600 From: "Zane C.B." <v.velox@vvelox.net> Cc: "Heiko Wundram \(Beenic\)" <wundram@beenic.net>, freebsd-questions@freebsd.org Subject: Re: unix domain socket security and PID retrieval Message-ID: <20080204141633.07099349@vixen42> In-Reply-To: <20080204133837.3c3b3b67@vixen42> References: <20080204043021.1a8ee670@vixen42> <200802041254.44475.wundram@beenic.net> <20080204082152.2129c3c6@vixen42> <200802041536.30469.wundram@beenic.net> <20080204133837.3c3b3b67@vixen42>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 4 Feb 2008 13:38:37 -0600 "Zane C.B." <v.velox@vvelox.net> wrote: > On Mon, 4 Feb 2008 15:36:30 +0100 > "Heiko Wundram (Beenic)" <wundram@beenic.net> wrote: > > > Am Montag, 4. Februar 2008 15:21:52 schrieb Zane C.B.: > > > I've come across that mentioned in unix(4). There is no support > > > for it in regards to Perl. Another problem is it requires > > > support for that on both ends. > > > > > > More and more it looks like getting either PID and/or user info > > > about the other process connecting up to it is impossible, with > > > out writing some sort of authentication system for the two to > > > use or both ends have to support the LOCAL_CREDS stuff. > > > > I cannot believe that this doesn't exist for Perl (everything > > exists for Perl in one way or another...), and anyway, a quick > > search on CPAN found this, which looks as though it's (at least > > part of) what you're looking for: > > > > http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm > > > > Finally, thinking back to the last time I used SCM_CREDS on Linux > > (which is a loooong time ago), I'm not even sure that the sender > > has to send an SCM_CREDS message (which would invalidate my former > > reply); I think it's enough if the receiver requests to get one > > (which will be filled in by the kernel), see the description in > > the referenced page above which shows you how to set up the > > corresponding recvmsg call. > > > > Sending one is only required in case the sender is root and wants > > to spoof it's credentials to the remote process (IIRC). > > Thanks. I did not think to try a search for that. I was trying > various combinations involving the word unix and socket. > > I've gotten it installed now and will post with how it works out. I can say it installs mostly fine. A few tests do not pass. I am still working on getting a working test script with it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080204141633.07099349>