Under many operating systems Unix-domain sockets allow a process to reliably pass its credentials to another process in a way that can't be maliciously subverted. For instance, this is done on Linux through the SO_PASSCRED and SO_PEERCRED options, on FreeBSD by passing messages that include the cmsgcred structure, and on NetBSD by setting the LOCAL_CREDS option. However, I haven't been able to find a way to perform this operation under Mac OS X. The corresponding header (socket.h) seems to have the functionality disabled for Apple's build.
#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#ifndef __APPLE__
// ...
struct cmsgcred {
Any idea of another Mac OS X facility that can accomplish the same result?
I haven't ever worked with it, but I think you're looking for LOCAL_PEERCRED. ( see man unix)
You can confirm the identity of the program at the other end of the socket using the LOCAL_PEERCRED socket option, introduced in Mac OS X 10.4.
See Technical Note TN2083. Daemons and Agents
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With