Extended SCM_RIGHTS for AF_UNIX sockets

Malcolm Beattie (malcolm.beattie@computing-services.oxford.ac.uk)
17 Jul 1996 11:28:34 GMT

We can now pass file descriptors down Unix domain sockets with
an SCM_RIGHTS control messages in sendmsg() but can't easily
tell for *certain* who sent them to us. [Guesses made via
getpeername and stat are subject to minor attacks.] SysV file
descriptor passing uses a STREAMS I_SENDFD and the receiver gets
the sender's euid and egid. I'd like to add something like
SCM_XRIGHTS to Linux which would behaves like SCM_RIGHTS on the
sender side but the receiver gets a control message containing:
uid_t uid;
gid_t gid;
pid_t pid;
int fd[...];
instead of just the array of descriptors. Notice that the trivial
case is also useful. The sender can send zero file descriptors with
SCM_RIGHTS and the receiver can verify who sent the message, both
uid/gid and the PID of the sender. Would anyone mind if I added this


Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Oxford University Computing Services
"Widget. It's got a widget. A lovely widget. A widget it has got." --Jack Dee