SYNOPSIS
int getpeereid(int s,uid_t *u,gid_t *g);
DESCRIPTION
The getpeereid
function stores the effective user and group IDs of the
peer on local domain socket s
in u
and g
, respectively. It
returns 0 if successful, and -1 if an error occurs, setting errno
appropriately.
When it accepts a connection, ipcserver
uses the effective user ID and
effective group ID of the process that called connect
to decide whether to
handle the connection or drop it immediately. Therefore ucspi-ipc requires
operating system support for passing the client credentials to the server.
For discussions of various credential-passing mechanisms, see D.J. Bernstein’s
Secure interprocess communication and the
BugTraq mailing list thread containing
Re: Wiping out setuid programs.
Programs in the ucspi-ipc package use getpeereid
to obtain client
credentials. Unless your operating system supports an implementation of
getpeereid
, you cannot use ucspi-ipc.
Implementations
Recent Linux kernels that support SO_PEERCRED
with
getsockopt
provide sufficient basis for a getpeereid function.
Various systems offer a gepeereid
system call, including
OpenBS 3.0,
FreeBS 4.6, and
AI 5L.
Experimental operating system patches
that add a getpeereid
system call are available for several BSD
variants.
AUTHOR
William Baxter <sst@superscript.com>