unix-cred provides simple, cross-platform interfaces to read peer credentials from Unix
sockets. (OS-specific interfaces are also exposed if the extra functionality is necessary.)
Some platforms support reading peer credentials from datagram sockets using ancillary messages.
unix-cred does not support this; only stream sockets are supported.
On all currently supported platforms, both of the following are true:
- The UID and GID returned by these interfaces are the effective UID/GID, not the real or saved UID/GID.
- The credentials returned are cached at the time that the socketpair() call was made. (So if the process later drops privileges, or passes the file descriptor to an unprivileged process, it will still be shown as having elevated privileges.)
The ucred and xucred modules expose the OS-specific interfaces. ucred provides the Linux/OpenBSD/NetBSD interface, and xucred provides the macOS/FreeBSD/DragonFlyBSD interface.
ucred is not particularly useful; in most cases you should use get_peer_ids() or get_peer_pid_ids(), which are more cross-platform. However, xucred can be helpful since it provides access to the process's full supplementary group list.
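The two caveats above can be observed on Linux by reading the SO_PEERCRED socket option (which fills a struct ucred) directly. This is an added example, not code from unix-cred: it uses only the standard library, and both ends of a socketpair() report the creating process's PID and effective UID/GID as recorded when the pair was made. The names PeerCred, peer_cred and current_effective are made up for this sketch, and the constants assume Linux on x86_64 or aarch64.

```rust
use std::io;
use std::mem::size_of;
use std::os::raw::{c_int, c_void};
use std::os::unix::io::AsRawFd;
use std::os::unix::net::UnixStream;

// Assumption: Linux on x86_64/aarch64; these values differ on some other targets.
const SOL_SOCKET: c_int = 1;
const SO_PEERCRED: c_int = 17;

/// Same layout as Linux `struct ucred`: pid_t, uid_t, gid_t.
#[repr(C)]
#[derive(Debug, Default, Clone, Copy, PartialEq)]
pub struct PeerCred { pub pid: i32, pub uid: u32, pub gid: u32 }

unsafe extern "C" {
    fn getsockopt(fd: c_int, level: c_int, name: c_int, val: *mut c_void, len: *mut u32) -> c_int;
    fn getpid() -> i32;
    fn geteuid() -> u32;
    fn getegid() -> u32;
}

/// Read the credentials the kernel recorded for the peer of a stream socket.
pub fn peer_cred(sock: &UnixStream) -> io::Result<PeerCred> {
    let mut cred = PeerCred::default();
    let mut len = size_of::<PeerCred>() as u32;
    let rc = unsafe {
        getsockopt(sock.as_raw_fd(), SOL_SOCKET, SO_PEERCRED,
                   &mut cred as *mut PeerCred as *mut c_void, &mut len)
    };
    if rc != 0 { return Err(io::Error::last_os_error()); }
    if len as usize != size_of::<PeerCred>() {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "short ucred"));
    }
    Ok(cred)
}

/// The effective identity of the calling process, for comparison.
pub fn current_effective() -> PeerCred {
    unsafe { PeerCred { pid: getpid(), uid: geteuid(), gid: getegid() } }
}

fn main() -> io::Result<()> {
    let (a, _b) = UnixStream::pair()?; // socketpair(): credentials are captured here
    println!("peer of a:    {:?}", peer_cred(&a)?);
    println!("this process: {:?}", current_effective());
    Ok(())
}
```

Because the values are a snapshot, a server that authorizes on them is checking who created or connected the socket, not who currently holds the descriptor.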
Get the UID and GID of the given socket's peer.
Get the PID, UID, and GID of the given socket's peer.