Re: Why you should avoid world-writable directories

From: Casper Dik (casperat_private)
Date: Wed Dec 23 1998 - 01:16:40 PST

Next message: Kragen Sitaker: "Re: Why you should avoid world-writable directories"

Previous message: Wietse Venema: "Re: Why you should avoid world-writable directories"
Maybe in reply to: D. J. Bernstein: "Why you should avoid world-writable directories"
Next in thread: Kragen Sitaker: "Re: Why you should avoid world-writable directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>getpeeruid() has a problem since multiple processes may write to one
>datagram socket, also processes can change uid and file handles can be
>passed around.
>
>Both recent *BSD and Linux 2.1.x have per message authentication data
>for AF_UNIX sockets that is available as a control message (ie you can
>get it via recvmsg()).


Also, on systems that have STREAMs based loopback transports, support
exists to get the other ends credentials in a similar manner.

This is used for authentication on Solaris 2.x loopback rpc
(rpcbind, vold, autofsd, keyserv)

Casper

Next message: Kragen Sitaker: "Re: Why you should avoid world-writable directories"
Previous message: Wietse Venema: "Re: Why you should avoid world-writable directories"
Maybe in reply to: D. J. Bernstein: "Why you should avoid world-writable directories"
Next in thread: Kragen Sitaker: "Re: Why you should avoid world-writable directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:49 PDT