`getpeereid`

When it accepts a connection, ipcserver uses the effective user ID and effective group ID of the process that called connect to decide whether to handle the connection or drop it immediately. Therefore ucspi-ipc requires operating system support for passing the client credentials to the server. For discussions of various credential-passing mechanisms, see D.J. Bernstein's Secure interprocess communication and the BugTraq mailing list thread stemming from Wiping out setuid programs.

ucspi-ipc uses getpeereid to obtain client credentials. Unless your operating system supports an implementation of getpeereid, you cannot use ucspi-ipc.

`getpeereid`

  int getpeereid(int s,uid_t *u,gid_t *g);

s is the result of a successful accept on a local-domain stream socket.

u and g are pointers to addresses where the user and group IDs are stored.

Upon success, getpeereid stores user and group IDs at u and g, respectively, and returns 0. If an error occurs, getpeereid sets errno appropriately, and returns -1.

Implementations

Recent Linux kernels that support SO_PEERCRED with getsockopt provide sufficient basis for a getpeereid function. Various systems offer a gepeereid system call, including OpenBSD 3.0, FreeBSD 4.6, and AIX 5L.

Experimental operating system patches that add a getpeereid system call are available for several BSD variants.