From: Guido van Rooij
To: Brian Behlendorf, freebsd-security@FreeBSD.ORG
Date: Thu, 7 Jan 1999 21:47:42 +0100
Subject: Re: Fwd: Wiping out setuid programs
Message-ID: <19990107214742.B1721@gvr.org>
In-Reply-To: <4.1.19990106113411.00bdc780@hyperreal.org>

On Wed, Jan 06, 1999 at 11:34:27AM -0800, Brian Behlendorf wrote:
> >
> >It turns out that Linux 2.1 already supports this feature. You can
> >implement getpeereuid() and getpeeregid() with a few lines on top of
> >getsockopt() with SO_PEERCRED. Other systems could easily add support.
> >

FreeBSD also has something like this. From recvmsg(2)

     Process credentials can also be passed as ancillary data for AF_UNIX
     domain sockets using a cmsg_type of SCM_CREDS. In this case, cmsg_data
     should be a structure of type cmsgcred, which is defined in as follows:

This was developed for secure RPC. It has the advantage over
getpeere[ug]id() that there might be more peers.

-Guido