Subject: kern/10798: getpeereid system call
To: None <gnats-bugs@gnats.netbsd.org>
From: None <web-netbsd@superscript.com>
List: netbsd-bugs
Date: 08/09/2000 12:21:30
>Number:         10798
>Category:       kern
>Synopsis:       getpeereid system call
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 09 12:22:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     William E. Baxter
>Release:        NetBSD 1.4.2, NetBSD-current 10 August 2000
>Organization:
SuperScript
	
>Environment:
	
System: NetBSD kronos.superscript.com 1.4.2 NetBSD 1.4.2 (GENERIC) #7: Mon Aug 7 10:52:41 PDT 2000 root@kronos.superscript.com:/usr/src/sys/arch/i386/compile/GENERIC i386


>Description:
	A patch implementing a getpeereid() syscall in NetBSD
	is available at

	http://www.superscript.com/patches/netbsd-1-4-PATCH002.getpeereid

	This patch was originally generated and tested
	against netbsd-1.4.2, but evidently applies equally
	well to -current as of today.

	A local-domain server uses getpeereid() to obtain
	credentials from clients.  Credentials are passed
	when the client calls connect() and do not require
	that the client send any data.

	Based on getpeereid() I implemented ucspi-ipc, a framework
	for creating local-domain client/server programs.  This
	system allows a privileged server to act on behalf of
	nonprivileged clients without setuid programs.  Access
	to services is easily configurable based on information
	obtained via getpeereid.  Clients pass credentials at
	connect(), and therefore cannot consume connections
	anonymously.

	Links to background information, patches, and applications
	appear on the ucspi-ipc home page at

	http://www.superscript.com/ucspi-ipc/intro.html

	I would like to see getpeereid() or sufficient basis for
	it incorporated into future NetBSD releases so that we
	can all use ucspi-ipc without the need for a kernel patch.
	
>How-To-Repeat:
	
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: