From: "Heiko Wundram (Beenic)"
Organization: Beenic Networks GmbH
To: freebsd-questions@freebsd.org
Date: Mon, 4 Feb 2008 15:36:30 +0100
Subject: Re: unix domain socket security and PID retrieval
Message-Id: <200802041536.30469.wundram@beenic.net>

On Monday, 4 February 2008 15:21:52, Zane C.B. wrote:
> I've come across that mentioned in unix(4). There is no support for
> it in regards to Perl. Another problem is it requires support for
> that on both ends.
>
> More and more it looks like getting either PID and/or user info about
> the other process connecting up to it is impossible, without writing
> some sort of authentication system for the two to use or both ends
> have to support the LOCAL_CREDS stuff.

I cannot believe that this doesn't exist for Perl (everything exists for Perl
in one way or another...), and anyway, a quick search on CPAN found this,
which looks as though it's (at least part of) what you're looking for:

http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm

Finally, thinking back to the last time I used SCM_CREDS on Linux (which is a
loooong time ago), I'm not even sure that the sender has to send an SCM_CREDS
message (which would invalidate my former reply); I think it's enough if the
receiver requests to get one (which will be filled in by the kernel), see the
description in the referenced page above which shows you how to set up the
corresponding recvmsg call. Sending one is only required in case the sender
is root and wants to spoof its credentials to the remote process (IIRC).

-- 
Heiko Wundram
Product & Application Development
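
The receiver-side request described in the message above, as an added example that is not part of the original post. It is Linux-specific, where the socket option is SO_PASSCRED and the ancillary message type is SCM_CREDENTIALS (the FreeBSD names from unix(4), such as LOCAL_CREDS, differ), and it uses Python's socket.recvmsg rather than Perl. The function names and the in-process socketpair scenario are constructed for illustration.

```python
import os
import socket
import struct

# Linux struct ucred layout: pid_t pid; uid_t uid; gid_t gid.
UCRED = struct.Struct("=iII")


def recv_with_creds(sock, bufsize=4096):
    """Receive one message plus the sender credentials the kernel attached.

    Returns (data, (pid, uid, gid)); the tuple is None if nothing was attached.
    """
    data, ancdata, flags, _addr = sock.recvmsg(
        bufsize, socket.CMSG_SPACE(UCRED.size))
    if flags & socket.MSG_CTRUNC:
        # A truncated control buffer must never be treated as "no creds".
        raise OSError("control data truncated; credentials unreliable")
    creds = None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            creds = UCRED.unpack(cdata[:UCRED.size])
    return data, creds


def authorize(creds, allowed_uids):
    """Fail closed: missing credentials or an unlisted uid is rejected.

    The decision uses the uid only; a pid can be reused after the sender
    exits, so it is better suited to logging than to access control.
    """
    return creds is not None and creds[1] in allowed_uids


def demo():
    # Constructed scenario: both socket ends live in this one process.
    receiver, sender = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    with receiver, sender:
        # Only the receiving side opts in to credential passing.
        receiver.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        sender.send(b"hello")  # plain send, no ancillary data supplied
        return recv_with_creds(receiver)


if __name__ == "__main__":
    payload, peer = demo()
    print(payload, peer, authorize(peer, {os.getuid()}))
```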