From: "Zane C.B."
To: "Heiko Wundram (Beenic)"
Cc: freebsd-questions@freebsd.org
Date: Mon, 4 Feb 2008 08:21:52 -0600
Subject: Re: unix domain socket security and PID retrieval

On Mon, 4 Feb 2008 12:54:44 +0100
"Heiko Wundram (Beenic)" wrote:

> On Monday, 4 February 2008 11:30:21, Zane C.B. wrote:
> > Been starting to look into writing some stuff that uses unix
> > domain sockets, but I've been running into the problem of
> > figuring out what the calling PID is on the other end.
> >
> > Any suggestions on where I should begin to look?
> >
> > As it currently stands, I am looking at doing this with perl.
>
> Check out man 3 sendmsg and man 3 recvmsg (which should be wrapped
> in Perl in some way or another), and passing SCM_CREDS messages
> between the two processes. The SCM_CREDS message is filled in by
> the kernel, so there's no way (unless the other side is "root") to
> spoof the credentials information.
>
> This requires that the sending end willingly sends SCM_CREDS (and
> the receiver uses recvmsg to query for it), and sends at least one
> byte of data along with the ancillary message.

I've come across that mentioned in unix(4). There is no support for
it in regards to Perl. Another problem is it requires support for
that on both ends.

More and more it looks like getting either PID and/or user info about the other process connecting up to it is impossible, without writing some sort of authentication system for the two to use or both ends have to support the LOCAL_CREDS stuff.
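
An added example, not part of the original message: the SCM_CREDS exchange described in the quoted reply, written in Python because its socket module wraps sendmsg/recvmsg. It goes beyond the thread by also handling Linux (SO_PASSCRED with SCM_CREDENTIALS) so it runs there too; the function names, the 84-byte `struct cmsgcred` size and the field layouts are assumptions taken from the platform headers.

```python
import os
import socket
import struct
import sys

# Assumptions from platform headers, not from the thread:
# FreeBSD struct cmsgcred begins pid, uid, euid, gid and is 84 bytes;
# Linux struct ucred is pid, uid, gid.
FREEBSD = sys.platform.startswith("freebsd")
CMSGCRED_SIZE = 84


def send_with_creds(sock, payload):
    """Sender side: at least one data byte must accompany the credentials."""
    if not payload:
        raise ValueError("need at least one byte of data")
    anc = []
    if FREEBSD:
        # Placeholder buffer; the kernel fills in the real credentials.
        anc = [(socket.SOL_SOCKET, socket.SCM_CREDS, bytes(CMSGCRED_SIZE))]
    return sock.sendmsg([payload], anc)


def recv_with_creds(sock):
    """Receiver side: return (data, creds); creds is None if none arrived."""
    data, ancdata, _flags, _addr = sock.recvmsg(4096, socket.CMSG_SPACE(128))
    for level, ctype, cdata in ancdata:
        if level != socket.SOL_SOCKET:
            continue
        if FREEBSD and ctype == socket.SCM_CREDS and len(cdata) >= 16:
            pid, uid, euid, gid = struct.unpack_from("iIII", cdata)
            return data, {"pid": pid, "uid": uid, "euid": euid, "gid": gid}
        if not FREEBSD and ctype == socket.SCM_CREDENTIALS and len(cdata) >= 12:
            pid, uid, gid = struct.unpack_from("iII", cdata)
            return data, {"pid": pid, "uid": uid, "gid": gid}
    return data, None  # peer sent no credentials: treat as unauthenticated


def demo():
    """Both ends in one process over a socketpair (constructed input)."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with a, b:
        if not FREEBSD:
            # Linux: the receiver opts in; the sender attaches nothing.
            b.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        send_with_creds(a, b"hello")
        return recv_with_creds(b)


if __name__ == "__main__":
    print(demo(), "expected pid", os.getpid())
```

A receiver that gets `None` for the credentials should refuse the request rather than fall back to anything the peer states about itself in the data stream.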