Date: Wed, 6 Feb 2008 10:54:50 +0000 (GMT)
From: Robert Watson
To: "Zane C.B."
Cc: freebsd security, Fernando Schapachnik
Subject: Re: LOCAL_CREDS and unix domain sockets

On Tue, 5 Feb 2008, Zane C.B. wrote:

> On Tue, 5 Feb 2008 13:21:10 -0200 Fernando Schapachnik wrote:
>
>> In a previous message, Zane C.B. wrote:
>>> With unix domain sockets, unix(4), are LOCAL_CREDS actually supported or
>>> not?
>>>
>>> I've been trying to fetch this from within a Perl script using 'my
>>> $local_creds=$some_connection->sockopt(LOCAL_CREDS)', but all I keep
>>> getting is an undefined variable in return, as if fetching it is not
>>> supported.
>>
>> Maybe LOCAL_CREDS is not defined. Maybe LOCAL_CREDS() (perl notation for
>> constants) works?
>
> Hmm, that turns out to be the point. I've checked and it is not in
> '/usr/local/lib/perl5/5.8.8/mach/Socket.pm'.
>
> I think my understanding when I originally posted the email was wrong as
> well. I need to set the socket option LOCAL_CREDS and fetch them using
> recvmsg.
>
> Can someone please verify my understanding of this is right?

Yes, that's correct -- you use setsockopt() to request that an SCM_CREDS
control message be attached to either every message coming in on the socket
(SOCK_DGRAM) or the first message arriving on accepted sockets (listen
SOCK_STREAM). You can then use recvmsg to get the credential information.
Alternatively, LOCAL_PEERCRED allows you to query the credential at any time
using a socket option for a stream socket (keep in mind that the credential is
cached when the connection is made, and might not reflect the credential of a
process sending on the socket if it's been inherited/passed).

Robert N M Watson
Computer Laboratory
University of Cambridge