Subject: Re: SO_PEERNAME
To: Emmanuel Dreyfus <manu@netbsd.org>
From: Matt Thomas <matt@3am-software.com>
List: tech-kern
Date: 08/25/2001 08:37:31

At 12:12 PM 8/25/2001 +0200, Emmanuel Dreyfus wrote:
>Linux uses getsockopt to make a few extra pieces of information available
>to the calling process. This includes, for example, who connected to the
>other side of a UNIX socket, using the SO_PEERNAME getsockopt argument.

We already have a better feature by having the kernel supply the
credentials of the sending process.  That makes SO_PEERNAME unneeded.
See SCM_CREDS.

>This is used for instance by PostgreSQL. On NetBSD, PostgreSQL has no
>idea of who is connecting to its UNIX socket. You can connect to the
>PostgreSQL database pretending to be anyone, and if there is no
>password, it works.
>
>On Linux, PostgreSQL uses this SO_PEERNAME feature to identify the
>connecting user, so that there is no need to use passwords. You can
>hence access the account using RSA keys and SSH, which is much more
>secure.
>
>I think it would be nice to implement this on NetBSD, but I don't see
>how to cleanly implement it. Would it be acceptable to add a UNIX domain
>socket only piece of code in sys/kern/uipc_socket.c:sosetopt() to handle
>SO_PEERNAME?

No.  Don't add it at all.  Instead teach PostgreSQL to use SCM_CREDS.
--
Matt Thomas               Internet:   matt@3am-software.com
3am Software Foundry      WWW URL:    http://www.3am-software.com/bio/matt/
Cupertino, CA             Disclaimer: I avow all knowledge of this message