Proposal 171 (revised): Separate streams across circuits by connection metadata

Chris Palmer chris at eff.org
Tue Dec 14 23:23:20 UTC 2010


On 12/14/2010 02:35 PM, Robert Hogan wrote:

> Interestingly, Unix sockets allow you to collect the gid and uid of the 
> process on the other side of the socket. Not the pid unfortunately.

Not so: my FreeBSD sys/socket.h has:

/*
 * Credentials structure, used to verify the identity of a peer
 * process that has sent us a message. This is allocated by the
 * peer process but filled in by the kernel. This prevents the
 * peer from lying about its identity. (Note that cmcred_groups[0]
 * is the effective GID.)
 */
struct cmsgcred {
        pid_t   cmcred_pid;             /* PID of sending process */
        uid_t   cmcred_uid;             /* real UID of sending process */
        uid_t   cmcred_euid;            /* effective UID of sending process */
        gid_t   cmcred_gid;             /* real GID of sending process */
        short   cmcred_ngroups;         /* number or groups */
        gid_t   cmcred_groups[CMGROUP_MAX];     /* groups */
};

Linux has:

#ifdef __USE_GNU
/* User visible structure for SCM_CREDENTIALS message */
struct ucred
{
  pid_t pid;                  /* PID of sending process.  */
  uid_t uid;                  /* UID of sending process.  */
  gid_t gid;                  /* GID of sending process.  */
};
#endif

It'd be nice to have a portability layer around this stuff, of course.
Note also that Android's Binder system supports this too, with an API
you might like better.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation


