Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why you should avoid world-writable directories

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Tue, 22 Dec 1998 13:22:35 +0000


world-writable directories. The security community would love to see
another portable IPC mechanism offering guaranteed user identification.
(I suggest that kernels add a getpeeruid() system call, showing the real
uid that called connect(), for UNIX-domain sockets and for loopback TCP
sockets.) However, while we're waiting, we need a few setuid programs.


getpeeruid() has a problem since multiple processes may write to one
datagram socket, also processes can change uid and file handles can be
passed around.

Both recent *BSD and Linux 2.1.x have per message authentication data
for AF_UNIX sockets that is available as a control message (ie you can
get it via recvmsg()).

Alan
Previous By Date Next
Previous By Thread Next

Current thread: