Re: LOCAL_CREDS and unix domain sockets




On Tue, 5 Feb 2008, Zane C.B. wrote:

On Tue, 5 Feb 2008 13:21:10 -0200 Fernando Schapachnik <fschapachnik@xxxxxxxxxxxx> wrote:

In an earlier message, Zane C.B. wrote:
With unix domain sockets, unix(4), are LOCAL_CREDS actually supported or not?

I've been trying to fetch this from within a Perl script using 'my $local_creds=$some_connection->sockopt(LOCAL_CREDS)', but all I keep getting is an undefined variable in return, as if fetching it is not supported.

Maybe LOCAL_CREDS is not defined. Maybe LOCAL_CREDS() (perl notation for constants) works?

Hmm, that turns out to be the point. I've checked and it is not in '/usr/local/lib/perl5/5.8.8/mach/Socket.pm'.

I think my understanding when I originally posted the email was wrong as well. I need to set the socket option LOCAL_CREDS and fetch them using recvmsg.

Can someone please verify my understanding of this is right?

Yes, that's correct -- you use setsockopt() to request that an SCM_CREDS control message be attached to either every message coming in on the socket (SOCK_DGRAM) or the first message arriving on accepted sockets (listen SOCK_STREAM). You can then use recvmsg to get the credential information.

Alternatively, LOCAL_PEERCRED allows you to query the credential at any time using a socket option for a stream socket (keep in mind that the credential is cached when the connection is made, and might not reflect the credential of a process sending on the socket if it's been inherited/passed).

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
