Proposal 171 (revised): Separate streams across circuits by connection metadata
Chris Palmer
chris at eff.org
Tue Dec 14 23:23:20 UTC 2010
On 12/14/2010 02:35 PM, Robert Hogan wrote:
> Interestingly, Unix sockets allow you to collect the gid and uid of the
> process on the other side of the socket. Not the pid unfortunately.
Not so: my FreeBSD sys/socket.h has:
/*
 * Credentials structure, used to verify the identity of a peer
 * process that has sent us a message. This is allocated by the
 * peer process but filled in by the kernel. This prevents the
 * peer from lying about its identity. (Note that cmcred_groups[0]
 * is the effective GID.)
 */
struct cmsgcred {
    pid_t cmcred_pid;                 /* PID of sending process */
    uid_t cmcred_uid;                 /* real UID of sending process */
    uid_t cmcred_euid;                /* effective UID of sending process */
    gid_t cmcred_gid;                 /* real GID of sending process */
    short cmcred_ngroups;             /* number or groups */
    gid_t cmcred_groups[CMGROUP_MAX]; /* groups */
};
Linux has:
#ifdef __USE_GNU
/* User visible structure for SCM_CREDENTIALS message */
struct ucred
{
    pid_t pid; /* PID of sending process. */
    uid_t uid; /* UID of sending process. */
    gid_t gid; /* GID of sending process. */
};
#endif
It'd be nice to have a portability layer around this stuff, of course.
Note also that Android's Binder system supports this too, with an API
you might like better.
--
Chris Palmer
Technology Director, Electronic Frontier Foundation