Re: Why you should avoid world-writable directories

From: Alan Cox (alanat_private)
Date: Tue Dec 22 1998 - 05:22:35 PST

Next message: Eric Forcey: "Re: 3com"

Previous message: Darren Reed: "Re: Why you should avoid world-writable directories"
Maybe in reply to: D. J. Bernstein: "Why you should avoid world-writable directories"
Next in thread: Darren Reed: "Re: Why you should avoid world-writable directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> world-writable directories. The security community would love to see
> another portable IPC mechanism offering guaranteed user identification.
> (I suggest that kernels add a getpeeruid() system call, showing the real
> uid that called connect(), for UNIX-domain sockets and for loopback TCP
> sockets.) However, while we're waiting, we need a few setuid programs.

getpeeruid() has a problem since multiple processes may write to one
datagram socket, also processes can change uid and file handles can be
passed around.

Both recent *BSD and Linux 2.1.x have per message authentication data
for AF_UNIX sockets that is available as a control message (ie you can
get it via recvmsg()).

Alan

Next message: Eric Forcey: "Re: 3com"
Previous message: Darren Reed: "Re: Why you should avoid world-writable directories"
Maybe in reply to: D. J. Bernstein: "Why you should avoid world-writable directories"
Next in thread: Darren Reed: "Re: Why you should avoid world-writable directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:44 PDT