Date:      Tue, 5 Feb 2008 08:28:26 -0600
From:      "Zane C.B." <v.velox@vvelox.net>
To:        "Heiko Wundram (Beenic)" <wundram@beenic.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: unix domain socket security and PID retrieval
Message-ID:  <20080205082826.03224660@vixen42>
In-Reply-To: <200802041536.30469.wundram@beenic.net>
References:  <20080204043021.1a8ee670@vixen42> <200802041254.44475.wundram@beenic.net> <20080204082152.2129c3c6@vixen42> <200802041536.30469.wundram@beenic.net>

On Mon, 4 Feb 2008 15:36:30 +0100
"Heiko Wundram (Beenic)" <wundram@beenic.net> wrote:

> On Monday, 4 February 2008 15:21:52, Zane C.B. wrote:
> > I've come across that mentioned in unix(4). There is no support
> > for it in regards to Perl. Another problem is it requires support
> > for that on both ends.
> >
> > More and more it looks like getting either PID and/or user info
> > about the other process connecting up to it is impossible,
> > without writing some sort of authentication system for the two to use
> > or both ends have to support the LOCAL_CREDS stuff.
> 
> I cannot believe that this doesn't exist for Perl (everything
> exists for Perl in one way or another...), and anyway, a quick
> search on CPAN found this, which looks as though it's (at least
> part of) what you're looking for:
> 
> http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm
> 
> Finally, thinking back to the last time I used SCM_CREDS on Linux
> (which is a loooong time ago), I'm not even sure that the sender
> has to send an SCM_CREDS message (which would invalidate my former
> reply); I think it's enough if the receiver requests to get one
> (which will be filled in by the kernel), see the description in the
> referenced page above which shows you how to set up the
> corresponding recvmsg call.
> 
> Sending one is only required in case the sender is root and wants
> to spoof its credentials to the remote process (IIRC).

Been spending a bit of time messing around with it and it appears to
be broken.


I've tried various things, but it does not seem to fetch anything.


#!/usr/bin/perl

use Socket::MsgHdr;
use Socket;
use IO::Socket::UNIX;

unlink("/tmp/testsocket");

my $listen_socket = new IO::Socket::UNIX( Local => "/tmp/testsocket",
Listen=>1);

while(my $conn = $listen_socket->accept){
    my $inHdr = Socket::MsgHdr->new(buflen=>8192, namelen=>256);

    recvmsg($conn, $inHdr, LOCAL_CREDS);

    my $creds=$conn->sockopt(LOCAL_CREDS);
    print $creds;

    my @cmsg = $inHdr->cmsghdr();
    $conn->send($#cmsg."\n");
    while (my ($level, $type, $data) = splice(@cmsg, 0, 3)) {
        $conn->send($level."\n".
                    $type."\n".
                    $data."\n\n");
    }

    $conn->close;
};


