From owner-freebsd-hackers Tue Aug 8 9:35:40 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 4629637B5CE for ; Tue, 8 Aug 2000 09:35:37 -0700 (PDT) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e78GZSw10339; Tue, 8 Aug 2000 09:35:28 -0700 (PDT) Date: Tue, 8 Aug 2000 09:35:28 -0700 From: Alfred Perlstein To: "William E. Baxter" Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: getpeereid() syscall patch for FreeBSD 4.0 Message-ID: <20000808093527.D4854@fw.wintelcom.net> References: <20000808112602.A17676@zeus.superscript.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <20000808112602.A17676@zeus.superscript.com>; from web@superscript.com on Tue, Aug 08, 2000 at 11:26:02AM -0500 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * William E. Baxter [000808 09:27] wrote: > A patch implementing a getpeereid() syscall in FreeBSD 4.0 is > available at > > http://www.superscript.com/patches/freebsd_4_0.getpeereid > > A local-domain server uses getpeereid() to obtain client credentials. > Based on getpeereid() I created ucspi-ipc, a local-domain analogue to > Dan Bernstein's ucspi-tcp. The project came about after I read the > "Wiping out setuid programs" discussion the the BugTraq archives. At > present, ucspi-ipc runs on patched OpenBSD, patched FreeBSD, and on > Linux kernels that support SO_PEERCRED with getsockopt(). I haven't used the credential passing feature of sendmsg(), but I was wondering what advantages this has over being able to pass kernel verified id's through a unix domain socket using SCM_CREDS. My reading of UNP seems to indicate that it offers the same features. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message