It would be very nice if inet connections over loopback supported LOCAL_PEERCRED. On Solaris, when you make a connection over a loopback device, getpeerucred "just works" and gives you the pid and uid of the connecting process on the local system. This could be used to easily enhance the security of programs like OpenSSH: the ssh-agent uses a domain socket with getpeereid to verify the identity of connecting users, but if I run "ssh -D localhost:9999 ..." it runs an inet listener that any user can connect to. Being able to use the same credentials check here would be handy and plug a gap in our API.
State Changed From-To: open->suspended Feature request. Mark as suspended awaiting someone to create patches.
Responsible Changed From-To: freebsd-bugs->freebsd-net
batch change: For bugs that match the following - Status Is In progress AND - Untouched since 2018-01-01. AND - Affects Base System OR Documentation DO: Reset to open status. Note: I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
^Triage: to submitter: is this aging PR still relevant?
No, I do not require this anymore. It would be nice to have, in theory, since someone might find a use for it (and for parity with Solaris), but our application has moved in the last 11 years and I don't have any immediate use of it myself. Feel free to close as "won't fix".
^Triage: apparently this is EWONTFIX.