
I'm new to zmq. I'm using the same for local IPC in a Linux-based OS (the socket is of AF_UNIX type), but I could not find a way to get the caller's (client's) process ID. Is there any way to find the same using zmq? (Finding the PID of the caller is a must for my access control requirement, and if zmq does not provide the same then I should switch to dbus.) Please help me.

Manasij Sur Roy

1 Answer


Forget most of the low-level socket designs and worries. Think higher in the sky. ZeroMQ is a pretty high-level messaging concept, so you will have zero worries about most of the socket-io problems.

For more on these ZMQ principles, read Pieter Hintjens' design maxims and his resources-rich book "Code Connected, Vol.1".

That said, the solution is fully in your control.

Solution

Create a problem-specific multi-zmq-socket / multi-zmq-pattern (multiple zmq-primitives used and orchestrated by your application level logic) as a problem-specific formal communication handshaking.

Ensure the <sender> adds its own PID into the message.

Re/authorise via another register/auth-socket-pattern with the pre-registered sender from the receiver side, so as to avoid a spoofed attack under a fake/stolen PID-identity.

Adapt your access-control policy according to your ProblemDOMAIN, use and implement any level of crypto-security formal handshaking protocols for identity-validation or key-exchange, to raise your access-control policy security to adequate strengths ( including MIL-STD grades ).

halfer
user3666197
  • So you are suggesting to use SO_PEERCRED / SO_PASSCRED for socket authentication handshaking and then proceed with the actual zmq IPC. Actually I was hoping that zmq would provide me some sort of inbuilt utility to get the pid. (I guess dbus also internally uses SO_PASSCRED / SO_PEERCRED for socket auth.) So to use zmq for my use-case I need to put more effort into socket auth handshaking :) so I guess for my proto I will go ahead with dbus. – Manasij Sur Roy Sep 04 '14 at 20:46
  • Pity you have not given ZeroMQ a try. An elementary ZeroMQ / libzapi read-in will serve you a feature rich authentication-primitives included. **Description** `A zauth object takes over authentication for all incoming connections in its context. Note that libzmq provides four levels of security: default NULL (which zauth does not see), and authenticated NULL, PLAIN, and CURVE, which zauth can see.` **ZeroMQ belongs to rather a Can-Do culture** – user3666197 Sep 04 '14 at 20:58
  • czmq seems interesting, I will give it a try. [I have already accepted your approach as answer, but due to strict deadline of my project I am not sure whether I can use that, poor me:) , but if time permits zmq will be first choice] – Manasij Sur Roy Sep 04 '14 at 21:22