🔐 Been looking into hardening Unix Domain Sockets on Linux lately. Here are some takeaways.
🛡️ Filesystem permissions: don't rely on chmod on the socket file alone, since some systems silently ignore it (hello SELinux). Protect the directory it lives in with 0750 and watch out for umask when calling bind(): it silently masks your intended permissions. Set umask before bind(), not chmod after.
🔑 Peer authentication: SO_PEERCRED after accept() gives you the PID, UID and GID of the connecting process, verified by the kernel. But it only captures credentials at connect() time; if the peer changes identity later, you won't see it.
📨 Per-message auth: SCM_CREDENTIALS via sendmsg/recvmsg solves that. The kernel verifies the credentials on every message, even if the sender tries to lie. Essential when processes switch identity during their lifetime.
⚡ SOCK_SEQPACKET instead of SOCK_STREAM is worth considering. You get atomic message boundaries from the kernel: no custom framing, no partial reads, no glued-together messages.
🚦 Rate limiting unfortunately has to happen in userspace; the kernel offers nothing useful for per-peer UDS rate limiting. A simple token bucket per connection does the job.
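To make the SO_PEERCRED, SCM_CREDENTIALS and SOCK_SEQPACKET points concrete, here is a small added C example (mine, not from the original post). It uses a socketpair() as a stand-in for listen()/accept(), and the hypothetical peer_allowed() policy simply checks the UID; it assumes a Linux kernel, where SO_PASSCRED on the receiving socket makes the kernel attach the sender's real credentials to every message.

```c
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Policy check shared by both mechanisms: only the expected UID may talk to us. */
static int peer_allowed(const struct ucred *c, uid_t expected_uid) {
    return c->uid == expected_uid;
}

/* Receive one SEQPACKET message and fill *out from the kernel-attached
 * SCM_CREDENTIALS. Returns the message length, or -1 if no credentials came. */
static ssize_t recv_with_creds(int fd, char *buf, size_t len, struct ucred *out) {
    char cbuf[CMSG_SPACE(sizeof(struct ucred))];
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
            memcpy(out, CMSG_DATA(c), sizeof *out);
            return n;
        }
    return -1;  /* no credentials: treat the message as unauthenticated */
}

/* Demo: returns 0 on success, a distinct negative code for each failed check. */
int uds_auth_demo(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
    int server = sv[0], client = sv[1], one = 1;
    /* 1. Connection-time identity via SO_PEERCRED (what accept() would give us). */
    struct ucred pc; socklen_t pl = sizeof pc;
    if (getsockopt(server, SOL_SOCKET, SO_PEERCRED, &pc, &pl) < 0) return -2;
    if (!peer_allowed(&pc, getuid())) return -3;
    /* 2. Per-message identity: SO_PASSCRED makes the kernel attach
     *    SCM_CREDENTIALS to every message delivered to this socket. */
    if (setsockopt(server, SOL_SOCKET, SO_PASSCRED, &one, sizeof one) < 0) return -4;
    if (send(client, "hello", 5, 0) != 5 || send(client, "world!", 6, 0) != 6) return -5;
    char buf[64]; struct ucred mc;
    /* 3. SEQPACKET: each recv returns exactly one message, never glued data. */
    if (recv_with_creds(server, buf, sizeof buf, &mc) != 5) return -6;
    if (mc.pid != getpid() || !peer_allowed(&mc, getuid())) return -7;
    if (recv_with_creds(server, buf, sizeof buf, &mc) != 6) return -8;
    close(server); close(client);
    return 0;
}
```

A message arriving without an SCM_CREDENTIALS header is rejected by recv_with_creds(), so a server built this way never acts on unauthenticated input.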
Anyone else spent time hardening UDS? Curious what else people do beyond the basics.
#Linux #UnixDomainSockets #Security #SystemsProgramming #IPC #Infosec