Date: Sat, 18 Oct 2014 02:02:27 +0200
From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
To: freebsd-net@freebsd.org
Cc: david@madore.org, bapt@freebsd.org
Subject: Adding IP_PEERCRED?
Message-ID: <20141018020227.68b9a335@braud-santoni.eu>

Hello,

I would like to enquire about the possibility of adding an IP_PEERCRED socket option to ip(4) which would be similar to LOCAL_PEERCRED for unix(4).

Such an option, when requested via getsockopt(2) on a not-connectionless IP (v4 or v6) socket, would either
- return credentials of the remote side (as a xucred structure) in the case of a loopback (non-cross-jail) socket;
- fail (with EINVAL?).

The intended use-case of such a functionality would be for processes to provide services only to a given user, instead of the local host, while using IP sockets. For instance, an SSH client could use this feature to provide port forwards for a given user, instead of providing it to all users.

While bapt@ thought at first glance that it might be a good idea, neither of us knows whether it would be reasonable to implement.

Any thoughts on this?

Best,
Nicolas

PS: Credit for this idea should go to David Madore (in CC), who blogged about it (in French): http://www.madore.org/~david/weblog/d.2014-10-16.2234.html