Re: Why you should avoid world-writable directories

From: Alan Cox (alanat_private)
Date: Thu Dec 24 1998 - 19:17:41 PST


    > Yes, they are a control message.  This works well for SOCK_DGRAM, but
    > not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and
    > then never send any data, thus the task wanting the credentials never
    > gets them.
    >
    > I've considered making SOCK_STREAM credentials available once the connect
    > has completed, in the NetBSD implementation.
    
    That would encourage programmers to make dangerous assumptions.
    
    Consider
    
            s=socket(blah)
            connect..
    
            fork
    
            one side execs a setuid binary
    
    The credential stream code also has to avoid merging two messages into one
    recvmsg() when the credential doesn't match. Another problem with some of
    these setups is that they pass a pid as part of the "authentication". A pid being
    temporary and reassigned (even if randomly) isn't a usable auth token.
    
    Alan
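
The connect-then-fork case above, as an added example that is not part of the original message: on Linux, the credentials fixed at connect() time (SO_PEERCRED) keep naming the process that connected, while per-message credentials (SO_PASSCRED / SCM_CREDENTIALS) name the actual writer and are never merged across writers in one recvmsg(). It assumes a Linux kernel; the abstract socket name and the payload strings are constructed for the demonstration.

```python
import os
import socket
import struct

CRED = struct.Struct("3i")  # Linux struct ucred: pid, uid, gid

def recv_with_pid(conn):
    """Read one chunk and return (data, pid of the process that wrote it)."""
    data, ancdata, _flags, _addr = conn.recvmsg(64, socket.CMSG_SPACE(CRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, CRED.unpack(cdata[:CRED.size])[0]
    return data, None

def run_demo():
    addr = b"\0peercred-demo-%d" % os.getpid()  # constructed abstract-namespace name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(addr)
    srv.listen(1)
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    cli.connect(addr)
    conn, _ = srv.accept()
    # Ask the kernel to attach the writer's credentials to every message.
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    # Credentials as recorded once, when connect() completed.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, CRED.size)
    connect_time_pid = CRED.unpack(raw)[0]

    cli.sendall(b"from-parent")
    child = os.fork()
    if child == 0:
        # The child inherited the connected descriptor and writes on it.
        cli.sendall(b"from-child")
        os._exit(0)
    os.waitpid(child, 0)  # both writes are now queued on conn

    # The 64-byte buffer could hold both writes, but the kernel stops at the
    # boundary where the attached credentials change.
    first = recv_with_pid(conn)
    second = recv_with_pid(conn)
    for s in (cli, conn, srv):
        s.close()
    return {"self": os.getpid(), "child": child,
            "connect_time_pid": connect_time_pid,
            "first": first, "second": second}

if __name__ == "__main__":
    print(run_demo())
```

A server that authorised the stream on `connect_time_pid` alone would attribute the second chunk to the wrong process; the per-message pid is itself only a hint, for the pid-reuse reason given above.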
    


