
SO_PEERCRED vs SCM_CREDENTIALS - why there are both of them?

SO_PEERCRED is a simple way to get the pid/uid/gid of a connected AF_UNIX stream socket. SCM_CREDENTIALS is more or less the same, but more complex (various ancillary messages). Links to example showing both ways.

  1. Why are there two ways to get more or less the same information?
  2. Why is the more comfortable SO_PEERCRED not listed in the unix(7) manpage?
  3. Which is used more in real-life applications?

What should I use?

Vi. asked Apr 05 '12 22:04



1 Answer

  1. If I understand correctly, there is a subtle difference between the two. SO_PEERCRED retrieves the credentials of the peer process, without requiring any interaction from the peer process. In contrast, SCM_CREDENTIALS is a mechanism to send / receive credentials of the peer process, which are then checked by the kernel. This subtle difference may matter when a process is running as UID 0. SCM_CREDENTIALS allows a process running as UID 0 to declare itself less privileged (e.g., UID 50), whereas this would not be possible with SO_PEERCRED.

  2. See above. I guess using SCM_CREDENTIALS is encouraged and SO_PEERCRED is only supported for compatibility.

  3. The dbus daemon seems to use SO_PEERCRED and getpeereid(). I think it is best to copy their code in order to portably get the credentials.

http://cgit.freedesktop.org/dbus/dbus/tree/dbus/dbus-sysdeps-unix.c?id=edaa6fe253782dda959d78396b43e9fd71ea77e3

user1202136 answered Sep 18 '22 18:09
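
The two mechanisms compared in the answer, side by side, as an added example that is not part of the original answer or of the dbus code: `peercred()` asks the kernel via SO_PEERCRED, while `send_creds()`/`recv_creds()` pass a `struct ucred` as SCM_CREDENTIALS ancillary data. It is Linux-only; the function names, `credbuf`, `prep()` and the socketpair in `main()` are assumptions made for the illustration.

```c
#define _GNU_SOURCE /* glibc exposes struct ucred and SCM_CREDENTIALS only with this */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SCM_CREDENTIALS /* fallback if the feature macros were fixed before this file */
#define SCM_CREDENTIALS 0x02
struct ucred { pid_t pid; uid_t uid; gid_t gid; };
#endif
typedef union { char buf[CMSG_SPACE(sizeof(struct ucred))]; struct cmsghdr align; } credbuf;
/* Point m at one data byte plus a zeroed control buffer sized for one struct ucred. */
static void prep(struct msghdr *m, struct iovec *io, char *byte, credbuf *cb) {
    memset(m, 0, sizeof *m); memset(cb, 0, sizeof *cb);
    io->iov_base = byte; io->iov_len = 1;
    m->msg_iov = io; m->msg_iovlen = 1;
    m->msg_control = cb->buf; m->msg_controllen = sizeof cb->buf;
}
/* SO_PEERCRED: identity the kernel recorded for the peer; the peer sends nothing. */
int peercred(int fd, struct ucred *out) {
    socklen_t len = sizeof *out;
    return getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len);
}

/* SCM_CREDENTIALS, sender: attach claimed IDs; an unprivileged false claim gets EPERM. */
int send_creds(int fd, const struct ucred *claim) {
    char byte = 'c'; credbuf cb; struct iovec io; struct msghdr msg;
    prep(&msg, &io, &byte, &cb);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof *claim);
    memcpy(CMSG_DATA(c), claim, sizeof *claim);
    return sendmsg(fd, &msg, 0) == 1 ? 0 : -1;
}

/* SCM_CREDENTIALS, receiver: opt in with SO_PASSCRED, then read the control message. */
int recv_creds(int fd, struct ucred *out) {
    char byte; credbuf cb; struct iovec io; struct msghdr msg; int on = 1;
    prep(&msg, &io, &byte, &cb);
    if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof on)) return -1;
    if (recvmsg(fd, &msg, 0) != 1) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS)
            return memcpy(out, CMSG_DATA(c), sizeof *out), 0;
    return -1; /* data arrived, but no credentials were attached */
}
int main(void) { /* both ends live in this process, so both paths report our own IDs */
    int sv[2]; struct ucred peer, got, me = { getpid(), getuid(), getgid() };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || peercred(sv[0], &peer)) return 1;
    if (send_creds(sv[0], &me) || recv_creds(sv[1], &got)) return 1;
    return printf("peercred uid=%d, scm uid=%d\n", (int)peer.uid, (int)got.uid) < 0;
}
```

SO_PEERCRED reports the credentials in effect when connect(2) or socketpair(2) was called, whereas SCM_CREDENTIALS is evaluated per message, so a server that authorizes on peer identity should know which of the two moments it is trusting.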