是否可以找到哪个用户位于 localhost TCP 连接的另一端? [英] Is it possible to find which user is at the other end of a localhost TCP connection?
问题描述
这是一个编程问题,但它非常特定于 Linux/Unix.如果我从 localhost 获得 TCP 连接,是否有一种简单的方法可以告诉哪个用户在 C 程序中建立了连接而无需脱壳?我知道这对于 Unix 域套接字并不太难.
This is kind of a programming question, but it's very Linux/Unix specific. If I get a TCP connection from localhost, is there a simple way to tell which user made the connection inside a C program without shelling out? I know this isn't too hard with a Unix domain socket.
我已经知道远程 IP 地址是 localhost(::1 或 127.0.0.1)并且我知道远程端口号.我不知道建立连接的进程的有效用户 ID.有什么办法可以发现这个吗?
I already know the remote IP address is localhost (::1 or 127.0.0.1) and I know the remote port number. What I don't know is the effective user id of the process that made the connection. Is there any way to discover this?
推荐答案
在 Linux 上,/proc/net/tcp 包含有关系统上打开的 TCP 套接字的信息.对于已连接的套接字,条目如下所示(标题是文件的一部分,其他行已删除):
On Linux, /proc/net/tcp contains information on the open TCP sockets on the system. For a connected socket, the entries look like this (the header is part of the file, other lines removed):
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
11: 0100007F:C9CB 0100007F:0016 01 00000000:00000000 00:00000000 00000000 1000 0 978132 ...
第二列和第三列是套接字的端点,uid 列是创建套接字的进程的有效 UID./proc/net/tcp6 与 IPv6 类似.(那里的 IP 地址是 127.0.0.1,所以八位字节的顺序似乎是相反的.)
The second and third columns have the endpoints of the socket, and the uid column has the effective UID of the process what created the socket.
/proc/net/tcp6 is similar for IPv6. (The IP address there is 127.0.0.1, so the octets seem to be in reverse order.)
如果您想跟踪持有套接字的实际进程,您需要查看所有 /proc/$PID/fd/$N 条目,并比较 inode 编号在 tcp 套接字表中提到的 inode 编号的套接字符号链接中.但是你只能看到自己进程的文件描述符,除非你是超级用户.
If you wanted to track the actual process(es) holding the socket, you'd need to go through all /proc/$PID/fd/$N entries, and compare the inode numbers in the socket symlinks to the inode number mentioned in the tcp socket table. But you can only see the file descriptors of your own processes, unless you're the superuser.
这篇关于是否可以找到哪个用户位于 localhost TCP 连接的另一端?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
