Re: getpeereid() for Linux

Andi Kleen (ak@suse.de)
Wed, 5 Sep 2001 12:48:07 +0200


On Wed, Sep 05, 2001 at 12:05:50PM +0200, Florian Weimer wrote:
> Andi Kleen <ak@suse.de> writes:
>
> > Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE> writes:
> >
> > > Would anyone like to give me a helping hand in implementing the
> > > getpeereid() syscall for Linux? See the following page for the
> > > documentation of the OpenBSD implementation:
> >
> > It is implemented for unix sockets (see unix(7))
>
> Hmm, it is not documented in my local copy (?). getpeereid() is
> different from the standard credential passing mechanism because it
> does not require cooperation of the other end.

SO_PEERCRED doesn't need any cooperation from the other end (at least
not for SOCK_STREAM)

> > For TCP it is rather useless because it would work only locally.
>
> Obviously, we need it only locally. ;-) The interface is useful if you
> are implementing poor man's VPN in user space.

There is netfilter owner match, but it is a bad hack.

I think you're better off with identd.

>
> > If you trust the localhost you're probably better off using the
> > ident protocol for it.
>
> This means running just another server, even with root privileges. :-(

identd doesn't need root.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/