jss@sjuvax.UUCP (Jonathan Shapiro) (12/12/84)
[Aren't you hungry...?]

It occurs to me that it would be very useful to get the egid and euid of the process on the other end of a socket in order to implement socket protections on the server end. Has anyone done this or does anyone have a better idea?

Jon Shapiro
chris@umcp-cs.UUCP (Chris Torek) (12/15/84)
> It occurs to me that it would be very useful to get the egid and euid
> of the process on the other end of a socket in order to implement socket
> protections on the server end. Has anyone done this or does anyone have a
> better idea?

Fine for AF_UNIX maybe, but what about Internet sockets? There may not even *be* a "user id" at the other end.

--
(This line accidentally left nonblank.)
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (301) 454-7690
UUCP: {seismo,allegra,brl-bmd}!umcp-cs!chris
CSNet: chris@umcp-cs
ARPA: chris@maryland
grunwald@uiucdcsb.UUCP (12/20/84)
Re: putting the egid and euid in with the socket information

Other people have suggested this. It's needed for security reasons in a lot of applications. However, I don't think you could do that and still use TCP/IP since it's not in the definition. And a lot of people still want to use all the wonderful features of TCP/IP.

You can't do it in user space either -- needs to be in the kernel or someone can intercept it. You'd have to define another protocol which packages that information along with each socket. Perhaps a Secure-IP or something along those lines. Has anyone done this?