Date: Fri, 4 May 2001 17:07:38 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: Dima Dorfman <dima@unixfreak.org>
Cc: hackers@FreeBSD.ORG
Subject: Re: Getting peer credentials on a unix domain socket
Message-ID: <20010504170738.U18676@fw.wintelcom.net>
In-Reply-To: <20010504230540.00BEE3E0B@bazooka.unixfreak.org>; from dima@unixfreak.org on Fri, May 04, 2001 at 04:05:39PM -0700
References: <20010504230540.00BEE3E0B@bazooka.unixfreak.org>

* Dima Dorfman <dima@unixfreak.org> [010504 16:06] wrote:
> Is there a reliable method of obtaining the credentials (uid/gid) of a
> peer (SOCK_STREAM sockets only, obviously) on a unix domain socket?
> All the Stevens books I have suggest that there isn't, but I'm
> wondering if something has been developed since those books were
> published. Note that a BSD/OS-like LOCAL_CREDS socket opt is not
> sufficient because using the latter the process must wait until the
> peer sends something before they can learn its credentials. If this
> process intends to drop the connection if it's not from an authorized
> source, this may lead to a DoS attack. Timers don't help, either;
> think of TCP SYN flood-like attacks.

Someone had some patches for a getpeercreds() syscall, but I wasn't
happy with it considering we already have the sendmsg() stuff to pass
credentials along with the fact that the initial creator of a socket
may be long gone before it's used to connect to something.

-- 
-Alfred Perlstein - [alfred@freebsd.org]
Represent yourself, show up at BABUG http://www.babug.org/
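
The wait that the question describes, shown from the server side as an added example that is not part of the original messages or of any FreeBSD patch. It assumes Linux, where SO_PASSCRED and SCM_CREDENTIALS play the role of the message-attached credentials discussed above (FreeBSD and BSD/OS use different option names); the function names are hypothetical.

```python
import os
import socket
import struct

CRED = struct.Struct("3i")  # Linux struct ucred layout: pid, uid, gid


def recv_peer_creds(conn, timeout):
    """Return (pid, uid, gid) attached to the peer's first byte, or None."""
    conn.settimeout(timeout)
    try:
        data, ancdata, _flags, _addr = conn.recvmsg(1, socket.CMSG_SPACE(CRED.size))
    except socket.timeout:
        return None  # peer connected but never sent anything
    if not data:
        return None  # peer closed without sending; ignore any ancillary data
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return CRED.unpack(cdata[:CRED.size])
    return None


def authorize(conn, allowed_uids, timeout=0.2):
    """Accept the peer only if the kernel-supplied uid is on the allow list."""
    creds = recv_peer_creds(conn, timeout)
    return creds is not None and creds[1] in allowed_uids


def demo():
    # Constructed scenario: both ends live in this process, so the peer uid
    # reported by the kernel is our own.
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    # Must be set before the peer sends, or no credentials are attached.
    server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    me = os.getuid()
    results = {}
    # Silent peer: the server learns nothing and is held until the deadline.
    results["silent"] = authorize(server, {me})
    client.sendall(b"\0")
    results["after_send"] = authorize(server, {me})
    client.sendall(b"\0")
    results["wrong_uid"] = authorize(server, {me + 1})
    client.close()
    server.close()
    return results


if __name__ == "__main__":
    print(demo())
```

The "silent" case is the exposure raised in the question: until the peer writes a byte, the server holds the connection without knowing who is on the other end, and the timeout only bounds that wait per connection.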