getpeereid (7)

The getpeereid function stores the effective user and group IDs of the peer on local domain socket s in u and g, respectively. It returns 0 if successful, and -1 if an error occurs, setting errno appropriately.

When it accepts a connection, ipcserver uses the effective user ID and effective group ID of the process that called connect to decide whether to handle the connection or drop it immediately. Therefore ucspi-ipc requires operating system support for passing the client credentials to the server. For discussions of various credential-passing mechanisms, see D.J. Bernstein’s Secure interprocess communication and the BugTraq mailing list thread containing Re: Wiping out setuid programs.

Programs in the ucspi-ipc package use getpeereid to obtain client credentials. Unless your operating system supports an implementation of getpeereid, you cannot use ucspi-ipc.

Recent Linux kernels that support SO_PEERCRED with getsockopt provide sufficient basis for a getpeereid function. Various systems offer a gepeereid system call, including OpenBS 3.0, FreeBS 4.6, and AI 5L.

Experimental operating system patches that add a getpeereid system call are available for several BSD variants.

William Baxter <sst@superscript.com>