Re: Why you should avoid world-writable directories

From: Martin Forssen (mafat_private)
Date: Wed Dec 23 1998 - 02:20:27 PST

    On Tue, 22 Dec 1998, Alan Cox wrote:
    > > world-writable directories. The security community would love to see
    > > another portable IPC mechanism offering guaranteed user identification.
    > > (I suggest that kernels add a getpeeruid() system call, showing the real
    > > uid that called connect(), for UNIX-domain sockets and for loopback TCP
    > > sockets.) However, while we're waiting, we need a few setuid programs.
    >
    > getpeeruid() has a problem since multiple processes may write to one
    > datagram socket, also processes can change uid and file handles can be
    > passed around.
    >
    > Both recent *BSD and Linux 2.1.x have per message authentication data
    > for AF_UNIX sockets that is available as a control message (i.e. you can
    > get it via recvmsg()).
    
    One candidate for this IPC mechanism is the doors API on Solaris. It is
    fast and has a call where the server can get the credentials of the
    caller. There is an alpha-quality implementation for Linux available.
    See http://www.rampant.org/doors for more information.
    
            /MaF
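
The per-message credentials on AF_UNIX sockets mentioned in the quoted text, as an added example that is not part of the original post. It is Linux-only and uses the Linux names `SO_PASSCRED` and `SCM_CREDENTIALS`, which the thread does not spell out; `recv_with_creds` and `demo` are illustrative names, and the payloads are constructed.

```python
import os
import socket
import struct

# Linux struct ucred layout: pid_t pid; uid_t uid; gid_t gid
UCRED = struct.Struct("iII")

def recv_with_creds(sock, bufsize=4096):
    """Receive one datagram; return (payload, (pid, uid, gid)) or (payload, None)."""
    data, ancdata, flags, _addr = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    if flags & socket.MSG_CTRUNC:
        return data, None  # control data was cut off: treat sender as unidentified
    for level, ctype, cdata in ancdata:
        if (level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS
                and len(cdata) >= UCRED.size):
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None

def demo():
    """Two processes write to one datagram socket; each message names its own sender."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Ask the kernel to attach the sender's credentials to every received message.
    # The sender does not supply them here; the kernel fills them in.
    server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    client.send(b"from parent")
    child = os.fork()
    if child == 0:
        client.send(b"from child")  # same socket, different process
        os._exit(0)
    # Read both messages before reaping the child so its pid is still assigned.
    results = [recv_with_creds(server), recv_with_creds(server)]
    os.waitpid(child, 0)
    server.close()
    client.close()
    return child, results

if __name__ == "__main__":
    child, results = demo()
    for payload, creds in results:
        print(payload, creds)
```

Both datagrams arrive on the same socket, yet each carries the pid of the process that actually sent it, which is the case a single per-socket peer uid cannot represent.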
    


