[illumos-Developer] Integrating identd
Garrett D'Amore
garrett at nexenta.com
Sun Apr 3 14:42:34 PDT 2011
On Sun, 2011-04-03 at 17:28 -0400, Richard Lowe wrote:
> On Sun, Apr 3, 2011 at 17:26, Garrett D'Amore <garrett at nexenta.com> wrote:
> > You can't use getpeerucred() to do this work for you? What am I missing
> > that you can't get from getpeerucred()?
>
> You can only look at your own sockets with getpeerucred(), an identd
> needs to see who owns the sockets of another process.
>
> -- Rich
Ah, ok, that makes sense.
So we'd have to adequately secure the permissions of this hypothetical
new ucred_get_conn() system call, and make sure it was zone aware and
zone safe. (With RBAC controls I guess.) It doesn't seem like a bad
idea.
- Garrett
More information about the Developer
mailing list