> Yes, they are a control message. This works well for SOCK_DGRAM, but > not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and > then never send any data, thus the task wanting the credentials never > gets them. > > I've considered making SOCK_STREAM credentials available once the connect > has completed, in the NetBSD implementation. That would encourage programmers to make dangerous assumptions. Consider s=socket(blah) connect.. fork one side execs a setuid binary The credential stream code also has to avoid merging two messages into one recvmsg() when the credential doesnt match. Another problem with some of these setups is the pass a pid as part of the "authentication". A pid being temporary and reassigned (even if randomly) isnt a usable auth token Alan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:26:25 PDT