On Fri, Dec 22, 2006 at 12:47:12AM +0100, Christian Biere wrote:
> Matthias Drochner wrote:
> > static int
> > askhelper(const char *user, const char *pass)
> > {
> > 	int fd[2];
> > 	pid_t pid, rpid;
> > 	int res, pwlen, s;
> > 
> > 	res = pipe(fd);
> > 	if (res < 0)
> > 		return (errno);
> 
> You could use socketpair() with AF_LOCAL instead which would allow checking
> credentials.

Yes, you could, but why?

This would be a very valuable thing to do for a long-running daemon with
a well-known AF_LOCAL address: it could check the credentials of other
programs that messaged it with password-check requests, and service them
only if the uid were right.  But for a program that's directly executed
by the client, the ruid is already available, and the pipe cannot be
hijacked by any other program; so why check socket credentials?

Thor