Re: Why you should avoid world-writable directories

From: Darren Reed (avalonat_private)
Date: Tue Dec 22 1998 - 14:28:35 PST

Next message: Nick Maclaren: "Re: Why you should avoid world-writable directories"

Previous message: Jefferson Ogata: "Re: Nmap network auditing/exploring tool V. 2.00 released"
Maybe in reply to: D. J. Bernstein: "Why you should avoid world-writable directories"
Next in thread: Nick Maclaren: "Re: Why you should avoid world-writable directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In some mail from Ben Laurie, sie said:
>
> D. J. Bernstein wrote:
> > Certainly setuid programs require a great deal of care. They've been
> > involved in many security disasters, though far fewer than (for example)
> > world-writable directories. The security community would love to see
> > another portable IPC mechanism offering guaranteed user identification.
> > (I suggest that kernels add a getpeeruid() system call, showing the real
> > uid that called connect(), for UNIX-domain sockets and for loopback TCP
> > sockets.) However, while we're waiting, we need a few setuid programs.
>
> What's wrong with the LOCAL_CREDS option on UNIX domain sockets?

In a way, that is exactly the type of thing he is referring to, BUT,
LOCAL_CREDS must be supplied to be received as opposed to just "looked up"
with getpeeruid() (my understanding anyway).

Darren

Next message: Nick Maclaren: "Re: Why you should avoid world-writable directories"
Previous message: Jefferson Ogata: "Re: Nmap network auditing/exploring tool V. 2.00 released"
Maybe in reply to: D. J. Bernstein: "Why you should avoid world-writable directories"
Next in thread: Nick Maclaren: "Re: Why you should avoid world-writable directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:45 PDT