Is there a reliable method of obtaining the credentials (uid/gid) of a
peer (SOCK_STREAM sockets only, obviously) on a Unix domain socket?
All the Stevens books I have suggest that there isn't, but I'm
wondering if something has been developed since those books were
published. Note that a BSD/OS-like LOCAL_CREDS socket opt is not
sufficient because, using the latter, the process must wait until the
peer sends something before it can learn its credentials. If this
process intends to drop the connection if it's not from an authorized
source, this may lead to a DoS attack. Timers don't help, either;
think of TCP SYN flood-like attacks.
Thanks,
Dima Dorfman
[EMAIL PROTECTED]