Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why you should avoid world-writable directories

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Wed, 23 Dec 1998 10:16:40 +0100


getpeeruid() has a problem since multiple processes may write to one
datagram socket, also processes can change uid and file handles can be
passed around.

Both recent *BSD and Linux 2.1.x have per message authentication data
for AF_UNIX sockets that is available as a control message (ie you can
get it via recvmsg()).



Also, on systems that have STREAMs based loopback transports, support
exists to get the other ends credentials in a similar manner.

This is used for authentication on Solaris 2.x loopback rpc
(rpcbind, vold, autofsd, keyserv)

Casper
Previous By Date Next
Previous By Thread Next

Current thread: