Bugtraq mailing list archives
Re: Why you should avoid world-writable directories
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Wed, 23 Dec 1998 10:16:40 +0100
getpeeruid() has a problem since multiple processes may write to one datagram socket; also, processes can change uid and file handles can be passed around. Both recent *BSD and Linux 2.1.x have per-message authentication data for AF_UNIX sockets that is available as a control message (i.e., you can get it via recvmsg()).
Also, on systems that have STREAMS-based loopback transports, support exists to get the other end's credentials in a similar manner. This is used for authentication on Solaris 2.x loopback RPC (rpcbind, vold, autofsd, keyserv).

Casper
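The per-message credentials described above, shown as an added example that is not part of the original post: two processes write to the same AF_UNIX datagram socket and the receiver reads the pid, uid and gid the kernel attached to each message via recvmsg(). It assumes a current Linux kernel with SO_PASSCRED and SCM_CREDENTIALS; the function names are illustrative.

```python
import os
import socket
import struct

UCRED = struct.Struct("3i")  # Linux struct ucred: pid, uid, gid (three ints)


def recv_with_creds(sock, bufsize=4096):
    """Read one message; return (data, (pid, uid, gid)) or (data, None)."""
    data, ancdata, _flags, _addr = sock.recvmsg(
        bufsize, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None


def accept(creds, allowed_uids):
    """Per-message policy: drop messages with no credentials or an unlisted uid."""
    return creds is not None and creds[1] in allowed_uids


def demo():
    """Two processes write to one datagram socket; return (child_pid, results)."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Ask the kernel to attach the sender's credentials to each message.
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    tx.send(b"from parent")          # constructed sample message
    child = os.fork()
    if child == 0:                   # second writer on the same inherited socket
        try:
            tx.send(b"from child")   # constructed sample message
        finally:
            os._exit(0)
    os.waitpid(child, 0)
    results = [recv_with_creds(rx) for _ in range(2)]
    rx.close()
    tx.close()
    return child, results


if __name__ == "__main__":
    child_pid, received = demo()
    for data, creds in received:
        print(data, creds, "accepted" if accept(creds, {os.getuid()}) else "dropped")
```

The two messages arrive on one socket with different pids, which is why the check is made per message rather than once per socket.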