From owner-freebsd-questions@FreeBSD.ORG  Mon Feb  4 11:53:22 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 66F9C16A419
	for <freebsd-questions@freebsd.org>;
	Mon,  4 Feb 2008 11:53:22 +0000 (UTC)
	(envelope-from wundram@beenic.net)
Received: from mail.beenic.net (mail.beenic.net [83.246.72.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 2889D13C469
	for <freebsd-questions@freebsd.org>;
	Mon,  4 Feb 2008 11:53:22 +0000 (UTC)
	(envelope-from wundram@beenic.net)
Received: from [192.168.1.32] (a89-182-21-0.net-htp.de [89.182.21.0])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.beenic.net (Postfix) with ESMTP id 8D839A44535
	for <freebsd-questions@freebsd.org>;
	Mon,  4 Feb 2008 12:53:20 +0100 (CET)
From: "Heiko Wundram (Beenic)" <wundram@beenic.net>
Organization: Beenic Networks GmbH
To: freebsd-questions@freebsd.org
Date: Mon, 4 Feb 2008 12:54:44 +0100
User-Agent: KMail/1.9.7
References: <20080204043021.1a8ee670@vixen42>
In-Reply-To: <20080204043021.1a8ee670@vixen42>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200802041254.44475.wundram@beenic.net>
Subject: Re: unix domain socket security and PID retrieval
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2008 11:53:22 -0000

Am Montag, 4. Februar 2008 11:30:21 schrieb Zane C.B.:
> Been starting to look into writing some stuff that uses unix domain
> sockets, but I've been running into the problem of figuring out what
> the calling PID is on the other end.
>
> Any suggestions on where I should begin to look?
>
> As it currently stands, I am looking at doing this with perl.

Check out man 3 sendmsg and man 3 recvmsg (which should be wrapped in Perl in 
some way or another), and passing SCM_CREDS messages between the two 
processes. The SCM_CREDS message is filled in my the kernel, so there's no 
way (unless the other side is "root") to spoof the credentials information.

This requires that the sending end willingly sends SCM_CREDS (and the receiver 
uses recvmsg to query for it), and sends at least one byte of data along with 
the ancilliary message.

-- 
Heiko Wundram
Product & Application Development