* Dima Dorfman <[EMAIL PROTECTED]> [010504 16:06] wrote:
> Is there a reliable method of obtaining the credentials (uid/gid) of a
> peer (SOCK_STREAM sockets only, obviously) on a unix domain socket?
> All the Stevens books I have suggest that there isn't, but I'm
> wondering if something has been developed since those books were
> published.  Note that a BSD/OS-like LOCAL_CREDS socket opt is not
> sufficient because using the latter the process must wait until the
> peer sends something before they can learn its credentials.  If this
> process intends to drop the connection if it's not from an authorized
> source, this may lead to a DoS attack.  Timers don't help, either;
> think of TCP SYN flood-like attacks.

Someone had some patches for a getpeercreds() syscall, but I wasn't
happy with it considering we already have the sendmsg() stuff to pass
credentials along with the fact that the initial creator of a socket
may be long gone before it's used to connect to something.

-- 
-Alfred Perlstein - [[EMAIL PROTECTED]]
Represent yourself, show up at BABUG http://www.babug.org/
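
Added example, not part of the original message or of any FreeBSD code: the limitation the question describes, where credentials only arrive with the peer's first message. It uses Linux's SO_PASSCRED / SCM_CREDENTIALS as a stand-in for the BSD socket option; that substitution and the names recv_with_creds, own_ids and demo are assumptions of this example.

```python
import os
import socket
import struct

# Linux struct ucred layout: pid_t pid, uid_t uid, gid_t gid (assumed platform)
UCRED = struct.Struct("iII")


def own_ids():
    """Credentials the kernel should report for this process."""
    return (os.getpid(), os.getuid(), os.getgid())


def recv_with_creds(sock):
    """Read one message; return (data, (pid, uid, gid)) or (data, None)."""
    data, ancdata, _flags, _addr = sock.recvmsg(
        4096, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None


def demo():
    """Return (creds_known_before_data, data, creds) for a local socketpair."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # Receiver opts in; the kernel then stamps each incoming message
        # with the sender's pid/uid/gid as ancillary data.
        server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        server.setblocking(False)
        # Connected but silent peer: nothing to read, so nothing to check.
        try:
            recv_with_creds(server)
            known_before_data = True
        except BlockingIOError:
            known_before_data = False
        client.sendall(b"hello")  # constructed sample payload
        data, creds = recv_with_creds(server)
        return known_before_data, data, creds
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(demo())
```

A server relying on this has to hold each connection open, unauthenticated, until the first byte arrives, so per-connection resource limits have to be enforced before the credential check can run.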
