Proposal 171 (revised): Separate streams across circuits by connection metadata

Chris Palmer chris at
Tue Dec 14 23:23:20 UTC 2010

On 12/14/2010 02:35 PM, Robert Hogan wrote:

> Interestingly, Unix sockets allow you to collect the gid and uid of the 
> process on the other side of the socket. Not the pid unfortunately.

Not so: my FreeBSD sys/socket.h has:

 * Credentials structure, used to verify the identity of a peer
 * process that has sent us a message. This is allocated by the
 * peer process but filled in by the kernel. This prevents the
 * peer from lying about its identity. (Note that cmcred_groups[0]
 * is the effective GID.)
struct cmsgcred {
        pid_t   cmcred_pid;             /* PID of sending process */
        uid_t   cmcred_uid;             /* real UID of sending process */
        uid_t   cmcred_euid;            /* effective UID of sending
process */
        gid_t   cmcred_gid;             /* real GID of sending process */
        short   cmcred_ngroups;         /* number or groups */
        gid_t   cmcred_groups[CMGROUP_MAX];     /* groups */

Linux has:

#ifdef __USE_GNU
/* User visible structure for SCM_CREDENTIALS message */
struct ucred
  pid_t pid;                  /* PID of sending process.  */
  uid_t uid;                  /* UID of sending process.  */
  gid_t gid;                  /* GID of sending process.  */

It'd be nice to have a portability layer around this stuff, of course.
Note also that Android's Binder system supports this too, with an API
you might like better.

Chris Palmer
Technology Director, Electronic Frontier Foundation

More information about the tor-dev mailing list