Date:      Thu, 7 Jan 1999 21:47:42 +0100
From:      Guido van Rooij <guido@gvr.org>
To:        Brian Behlendorf <brian@hyperreal.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: Fwd: Wiping out setuid programs
Message-ID:  <19990107214742.B1721@gvr.org>
In-Reply-To: <4.1.19990106113411.00bdc780@hyperreal.org>; from Brian Behlendorf on Wed, Jan 06, 1999 at 11:34:27AM -0800
References:  <4.1.19990106113411.00bdc780@hyperreal.org>


On Wed, Jan 06, 1999 at 11:34:27AM -0800, Brian Behlendorf wrote:
> >
> >It turns out that Linux 2.1 already supports this feature. You can
> >implement getpeereuid() and getpeeregid() with a few lines on top of
> >getsockopt() with SO_PEERCRED. Other systems could easily add support.
> >

FreeBSD also has something like this. From recvmsg(2):

     Process credentials can also be passed as ancillary data for AF_UNIX
     domain sockets using a cmsg_type of SCM_CREDS. In this case, cmsg_data
     should be a structure of type cmsgcred, which is defined in
     <sys/socket.h> as follows:

This was developed for secure RPC. It has the advantage over getpeere[ug]id()
that there might be more peers.

-Guido
