Adding IP_PEERCRED?
Adrian Chadd
adrian at freebsd.org
Sat Oct 18 02:00:40 UTC 2014
Sure! Put together a patch and let's review it.
-a
On 17 October 2014 17:02, Nicolas Braud-Santoni
<nicolas at braud-santoni.eu> wrote:
> Hello,
>
> I would like to enquire about the possibility of adding an IP_PEERCRED
> socket option to ip(4) which would be similar to LOCAL_PEERCRED for
> unix(4).
>
> Such an option, when requested via getsockopt(2) on a not-connectionless
> IP (v4 or v6) socket, would either
> - return credentials of the remote side (as an xucred structure) in the
>   case of a loopback (non-cross-jail) socket;
> - fail (with EINVAL?).
>
>
> The intended use-case of such a functionality would be for processes
> to provide services only to a given user, instead of the local host,
> while using IP sockets.
> For instance, an SSH client could use this feature to provide port
> forwards for a given user, instead of providing it to all users.
>
> While bapt@ thought at first glance that it might be a good idea,
> neither of us knows whether it would be reasonable to implement.
> Any thoughts on this?
>
>
> Best,
>
> Nicolas
>
> PS: Credit for this idea should go to David Madore (in CC), who blogged
> about it (in French):
> http://www.madore.org/~david/weblog/d.2014-10-16.2234.html