Bugtraq mailing list archives

Re: Why you should avoid world-writable directories

From: thorpej () NAS NASA GOV (Jason Thorpe)
Date: Thu, 24 Dec 1998 22:16:16 -0800


On Thu, 24 Dec 1998 00:50:48 -0800
 Jason Thorpe <thorpej () nas nasa gov> wrote:

On Wed, 23 Dec 1998 09:28:35 +1100
 Darren Reed <avalon () coombs anu edu au> wrote:

 > In a way, that is exactly the type of thing he is referring to, BUT,
 > LOCAL_CREDS must be supplied to be received as opposed to just "looked up"
 > with getpeeruid() (my understanding anyway).

Yes, they are a control message.  This works well for SOCK_DGRAM, but
not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and
then never send any data, thus the task wanting the credentials never
gets them.


Actually, let me clarify this just a little.  I was pretty tired when I
wrote that reply :-)

The credentials are supplied by the kernel.  The kernel prevents the
sender from supplying them, for obvious reasons.  Upon reception of
any datagram on a LOCAL_CREDS-enabled socket, the credentials are
available in a control message.  There is one credentials message per
datagram if the option is enabled.

For stream sockets, the credentials are supplied only once, when the
sender first sends data.  If the sender never sends data, the receiver
never recieves the credentials.

In any case, if you (the receiver) enable LOCAL_CREDS on the socket, the
only work you have to do is the receive of the control message and parsing
of it.  The sending application does no additional work.  It is out of the
loop as far as the sending of credentials is concerned.

I don't really see any value in getpeeruid() since it can _only_ apply
to Unix domain sockets.  Why invent a system call with no other use when
you can just use existing general-purpose interfaces?

Jason R. Thorpe                                       thorpej () nas nasa gov
NASA Ames Research Center                            Home: +1 408 866 1912
NAS: M/S 258-5                                       Work: +1 650 604 0935
Moffett Field, CA 94035                             Pager: +1 650 940 5942

Current thread:

Re: Why you should avoid world-writable directories Ben Laurie (Dec 22)
- Re: Why you should avoid world-writable directories Darren Reed (Dec 22)
- Re: Why you should avoid world-writable directories Rich Burroughs (Dec 22)
- Re: Why you should avoid world-writable directories Wietse Venema (Dec 22)
- <Possible follow-ups>
- Re: Why you should avoid world-writable directories Nick Maclaren (Dec 22)
- Re: Why you should avoid world-writable directories Jason Thorpe (Dec 24)
  - Re: Why you should avoid world-writable directories Alan Cox (Dec 24)
  - Administrivia Aleph One (Dec 26)
  - Nlog 1.1b released - security holes fixed HD Moore (Dec 26)
    - referer problems... Spencer Portee - Yard Productions (Dec 26)
- Re: Why you should avoid world-writable directories Jason Thorpe (Dec 24)
  - Re: Why you should avoid world-writable directories Bill Paul (Dec 26)
    - Re: Why you should avoid world-writable directories Robert Watson (Dec 27)