Under many operating systems Unix-domain sockets allow a process to reliably pass its credentials to another process in a way that can’t be maliciously subverted. For instance, this is done on Linux through the SO_PASSCRED and SO_PEERCRED options, on FreeBSD by passing messages that include the cmsgcred structure, and on NetBSD by setting the LOCAL_CREDS option. However, I haven’t been able to find a way to perform this operation under Mac OS X. The corresponding header (socket.h) seems to have the functionality disabled for Apple’s build.
#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE) #ifndef __APPLE__ // ... struct cmsgcred { Any idea of another Mac OS X facility that can accomplish the same result?
I haven’t ever worked with it, but I think you’re looking for LOCAL_PEERCRED. ( see man unix)
You can confirm the identity of the program at the other end of the socket using the LOCAL_PEERCRED socket option, introduced in Mac OS X 10.4.
See Technical Note TN2083. Daemons and Agents