Re: How to check UID of process on the other side of local TCP/UDP connection



On Fri, Nov 24, 2006 at 10:11:39AM -0800, rainmailbox2001-ola@xxxxxxxx wrote:
> I was also thinking about using Unix sockets for communication, but it
> seems that they also lack any mechanism for authenticating the client.

man 7 unix:
    ...
    setsockopt(.., SO_PASSCRED, ...);
    ...
    ANCILLARY MESSAGES
        Ancillary data is sent and received using sendmsg(2) and
        recvmsg(2).
        ...
        SCM_CREDENTIALS
            Send or receive Unix credentials. This can be used for
            authentication. The credentials are passed as a struct ucred
            ancillary message.

                struct ucred {
                    pid_t pid; /* process ID of the sending process */
                    uid_t uid; /* user ID of the sending process */
                    gid_t gid; /* group ID of the sending process */
                };

            The credentials which the sender specifies are checked by the
            kernel. A process with effective user ID 0 is allowed to
            specify values that do not match its own.

> Anyways, I would prefer to stick with TCP/UDP, because this is what my
> programs use already, and I don't really want to change everything to
> Unix sockets (unless of course Unix sockets are the only good way to
> resolve my problems).

Or you can try parsing the output of netstat (with option -p in Linux) or
lsof (e.g. lsof -i 4@xxxxxxxxx:4015 for a connection from localhost,
port 4015).

--
lfr
0/0
