Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!yale!cmcl2!stealth.acf.nyu.edu!brnstnd
From: brnstnd@stealth.acf.nyu.edu
Newsgroups: comp.unix.wizards
Subject: Re: socket -> UID
Message-ID: <20784@stealth.acf.nyu.edu>
Date: 17 Jan 90 08:18:51 GMT
References: <832@unipas.fmi.uni-passau.de> <1990Jan15.053647.24388@athena.mit.edu>
Reply-To: brnstnd@stealth.acf.nyu.edu (Dan Bernstein)
Distribution: usa
Organization: IR
Lines: 19

In article <1990Jan15.053647.24388@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
> In article <832@unipas.fmi.uni-passau.de>, hessmann@unipas.fmi.uni-passau.de
> (Georg Hessmann) writes:
> [ How can a program at one end of an Internet socket find out what the ]
> [ UID and GID of the process at the other end of the socket are? ]

You could use an RFC 931 Authentication Server implementation, so that
you can find out the username by asking TCP port 113 on the client
machine. My implementation is undergoing gamma testing.

Unfortunately, it's easy to compromise security below TCP, so if you
really want to know who you're talking to, run Kerberos.

> This can't be done. An Internet domain socket doesn't have any UID or GID
> information associated with it;

It should. The Internet inherited that administrative flaw from the
Arpanet.

---Dan
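
Added example, not part of the original post and not the poster's implementation: the client side of the RFC 931 lookup on TCP port 113 mentioned above, with the reply parsed as untrusted input. The function names and the sample replies are constructed for illustration, and the query/reply line format is taken from RFC 931 rather than from the post.

```python
import socket

IDENT_PORT = 113  # TCP port named in the post

# Constructed sample replies for a connection from client port 6191 to our port 23.
SAMPLE_OK = b"6191, 23 : USERID : UNIX : alice\r\n"
SAMPLE_ERR = b"6191, 23 : ERROR : NO-USER\r\n"

def build_query(port_on_client, port_on_server):
    """Query line: the port on the queried (client) host first, then ours."""
    for p in (port_on_client, port_on_server):
        if not 1 <= p <= 65535:
            raise ValueError("port out of range")
    return f"{port_on_client}, {port_on_server}\r\n".encode("ascii")

def parse_reply(line, port_on_client, port_on_server):
    """Return ("USERID", opsys, user) or ("ERROR", reason); ValueError on junk."""
    text = line.decode("ascii").rstrip("\r\n")  # non-ASCII bytes raise ValueError
    fields = text.split(":", 3)
    if len(fields) < 3:
        raise ValueError("malformed reply")
    # The reply must echo the port pair we asked about, or it is not our answer.
    ports = [p.strip() for p in fields[0].split(",")]
    if ports != [str(port_on_client), str(port_on_server)]:
        raise ValueError("reply names a different connection")
    kind = fields[1].strip().upper()
    if kind == "ERROR":
        return ("ERROR", ":".join(fields[2:]).strip())
    user = fields[3].strip() if len(fields) == 4 else ""
    # Reject empty names and control characters before the name reaches a log.
    if kind != "USERID" or not user or not user.isprintable():
        raise ValueError("malformed reply")
    return ("USERID", fields[2].strip(), user)

def lookup(sock, timeout=5.0):
    """Ask the host at the far end of an accepted TCP socket who owns its end.

    The answer comes from the client machine itself over plain TCP, so it is
    a hint for logging, not proof of identity.
    """
    peer_host, peer_port = sock.getpeername()[:2]
    my_host, my_port = sock.getsockname()[:2]
    # Query from the same local address the original connection arrived on.
    with socket.create_connection((peer_host, IDENT_PORT), timeout,
                                  (my_host, 0)) as s:
        s.sendall(build_query(peer_port, my_port))
        reply = s.makefile("rb").readline(1024)  # bounded read of one line
    return parse_reply(reply, peer_port, my_port)
```
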