Date: Fri, 17 Oct 2014 19:00:37 -0700
From: Adrian Chadd <adrian@freebsd.org>
To: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
Cc: david@madore.org, FreeBSD Net <freebsd-net@freebsd.org>, Baptiste Daroussin <bapt@freebsd.org>
Subject: Re: Adding IP_PEERCRED?
Message-ID: <CAJ-Vmo=6RfcJuHMxjGm6FRjt%2ByV1AVdsbxCEsto7XbOQBBGLwg@mail.gmail.com>
In-Reply-To: <20141018020227.68b9a335@braud-santoni.eu>
References: <20141018020227.68b9a335@braud-santoni.eu>

Sure! Put together a patch and let's review it.

-a

On 17 October 2014 17:02, Nicolas Braud-Santoni <nicolas@braud-santoni.eu> wrote:
> Hello,
>
> I would like to enquire about the possibility of adding an IP_PEERCRED
> socket option to ip(4) which would be similar to LOCAL_PEERCRED for
> unix(4).
>
> Such an option, when requested via getsockopt(2) on a not-connectionless
> IP (v4 or v6) socket, would either
> - return credentials of the remote side (as a xucred structure) in the
>   case of a loopback (non-cross-jail) socket;
> - fail (with EINVAL?).
>
>
> The intended use-case of such a functionality would be for processes
> to provide services only to a given user, instead of the local host,
> while using IP sockets.
> For instance, an SSH client could use this feature to provide port
> forwards for a given user, instead of providing it to all users.
>
> While bapt@ thought at first glance that it might be a good idea,
> neither of us knows whether it would be reasonable to implement.
> Any thoughts on this?
>
>
> Best,
>
>   Nicolas
>
> PS: Credit for this idea should go to David Madore (in CC), who blogged
> about it (in French):
> http://www.madore.org/~david/weblog/d.2014-10-16.2234.html