LOCAL_CREDS and unix domain sockets

Robert Watson rwatson at FreeBSD.org
Wed Feb 6 02:54:51 PST 2008


On Tue, 5 Feb 2008, Zane C.B. wrote:

> On Tue, 5 Feb 2008 13:21:10 -0200 Fernando Schapachnik 
> <fschapachnik at mecon.gov.ar> wrote:
>
>> In an earlier message, Zane C.B. wrote:
>>> With unix domain sockets, unix(4), are LOCAL_CREDS actually supported or 
>>> not?
>>>
>>> I've been trying to fetch this from within a Perl script using 'my 
>>> $local_creds=$some_connection->sockopt(LOCAL_CREDS)', but all I keep 
>>> getting is an undefined variable in return, as if fetching it is not 
>>> supported.
>>
>> Maybe LOCAL_CREDS is not defined. Maybe LOCAL_CREDS() (perl notation for 
>> constants) works?
>
> Hmm, that turns out to be the point. I've checked and it is not in 
> '/usr/local/lib/perl5/5.8.8/mach/Socket.pm'.
>
> I think my understanding when I originally posted the email was wrong as 
> well. I need to set the socket option LOCAL_CREDS and fetch them using 
> recvmsg.
>
> Can someone please verify my understanding of this is right?

Yes, that's correct -- you use setsockopt() to request that an SCM_CREDS 
control message be attached to either every message coming in on the socket 
(SOCK_DGRAM) or the first message arriving on accepted sockets (listen 
SOCK_STREAM).  You can then use recvmsg to get the credential information.

Alternatively, LOCAL_PEERCRED allows you to query the credential at any time 
using a socket option for a stream socket (keep in mind that the credential is 
cached when the connection is made, and might not reflect the credential of a 
process sending on the socket if it's been inherited/passed).

Robert N M Watson
Computer Laboratory
University of Cambridge

