int getpeereid(int s,uid_t *u,gid_t *g);
getpeereid function stores the effective user and group IDs of the
peer on local domain socket
g, respectively. It
returns 0 if successful, and -1 if an error occurs, setting
When it accepts a connection,
ipcserver uses the effective user ID and
effective group ID of the process that called
connect to decide whether to
handle the connection or drop it immediately. Therefore ucspi-ipc requires
operating system support for passing the client credentials to the server.
For discussions of various credential-passing mechanisms, see D.J. Bernstein’s
Secure interprocess communication and the
BugTraq mailing list thread containing
Re: Wiping out setuid programs.
Programs in the ucspi-ipc package use
getpeereid to obtain client
credentials. Unless your operating system supports an implementation of
getpeereid, you cannot use ucspi-ipc.
Recent Linux kernels that support
getsockopt provide sufficient basis for a getpeereid function.
Various systems offer a
gepeereid system call, including
FreeBS 4.6, and
Experimental operating system patches
that add a
getpeereid system call are available for several BSD
William Baxter <email@example.com>