From: Dima Dorfman
To: hackers@freebsd.org
Subject: Getting peer credentials on a unix domain socket
Date: Fri, 04 May 2001 16:05:39 -0700
Message-Id: <20010504230540.00BEE3E0B@bazooka.unixfreak.org>

Is there a reliable method of obtaining the credentials (uid/gid) of a peer (SOCK_STREAM sockets only, obviously) on a unix domain socket? All the Stevens books I have suggest that there isn't, but I'm wondering if something has been developed since those books were published.

Note that a BSD/OS-like LOCAL_CREDS socket opt is not sufficient because using the latter the process must wait until the peer sends something before they can learn its credentials. If this process intends to drop the connection if it's not from an authorized source, this may lead to a DoS attack. Timers don't help, either; think of TCP SYN flood-like attacks.

Thanks,

Dima Dorfman
dima@unixfreak.org