LOCAL_CREDS and unix domain sockets

With unix domain sockets, unix(4), are LOCAL_CREDS actually
supported
or not?

I've been trying to fetch this from within a Perl script
using 'my
$local_creds=$some_connection->sockopt(LOCAL_CREDS)',
but
all I keep getting is a undefined variable in return, as if
fetching
it is not supported.
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"

On Tue, 5 Feb 2008, Zane C.B. wrote:

> With unix domain sockets, unix(4), are LOCAL_CREDS
actually supported or 
> not?
>
> I've been trying to fetch this from within a Perl
script using 'my 
>
$local_creds=$some_connection->sockopt(LOCAL_CREDS)', but
all I keep getting 
> is a undefined variable in return, as if fetching it is
not supported.

It depends on the version of FreeBSD.  Using a C language
program I can get 
and set LOCAL_CREDS on FreeBSD 7.0 and it looks implemented
in the kernel. 
There are also some regression tests although I've not run
them, but it 
appears things are together.  Are you running an older
FreeBSD version and/or 
have you rebuilt Perl since support for LOCAL_CREDS was
added (April 2005)?

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"

On Tue, 5 Feb 2008, Zane C.B. wrote:

> On Tue, 5 Feb 2008 13:21:10 -0200 Fernando Schapachnik

> <fschapachnikmecon.gov.ar> wrote:
>
>> En un mensaje anterior, Zane C.B. escribió:
>>> With unix domain sockets, unix(4), are
LOCAL_CREDS actually supported or 
>>> not?
>>>
>>> I've been trying to fetch this from within a
Perl script using 'my 
>>>
$local_creds=$some_connection->sockopt(LOCAL_CREDS)', but
all I keep 
>>> getting is a undefined variable in return, as
if fetching it is not 
>>> supported.
>>
>> Maybe LOCAL_CREDS is not defined. Maybe
LOCAL_CREDS() (perl notation for 
>> constants) works?
>
> Hmm, that turns out to be the point. I've checked and
it is not in 
> '/usr/local/lib/perl5/5.8.8/mach/Socket.pm'.
>
> I think my understanding if when I originally posted
the email was wrong as 
> well. I need to set the socket option LOCAL_CREDS and
fetch them using 
> recvmsg.
>
> Can some one please verify my understanding of this is
right?

Yes, that's correct -- you use setsockopt() to request that
an SCM_CREDS 
control message be attached to either every message coming
in on the socket 
(SOCK_DGRAM) or the first message arriving on accepted
sockets (listen 
SOCK_STREAM).  You can then use recvmsg to get the
credential information.

Alternatively, LOCAL_PEERCRED allows you to query the
credential at any time 
using a socket option for a stream socket (keep in mind that
the credential is 
cached when the connection is made, and might not reflect
the credential of a 
process sending on the socket if it's been
inherited/passed).

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"