Bugtraq mailing list archives
Re: Why you should avoid world-writable directories
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Fri, 25 Dec 1998 03:17:41 +0000
Yes, they are a control message. This works well for SOCK_DGRAM, but not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and then never send any data, thus the task wanting the credentials never gets them. I've considered making SOCK_STREAM credentials available once the connect has completed, in the NetBSD implementation.
That would encourage programmers to make dangerous assumptions.
Consider
s=socket(blah)
connect..
fork
one side execs a setuid binary
The credential stream code also has to avoid merging two messages into one
recvmsg() when the credential doesnt match. Another problem with some of
these setups is the pass a pid as part of the "authentication". A pid being
temporary and reassigned (even if randomly) isnt a usable auth token
Alan
Current thread:
- Re: Why you should avoid world-writable directories Ben Laurie (Dec 22)
- Re: Why you should avoid world-writable directories Darren Reed (Dec 22)
- Re: Why you should avoid world-writable directories Rich Burroughs (Dec 22)
- Re: Why you should avoid world-writable directories Wietse Venema (Dec 22)
- <Possible follow-ups>
- Re: Why you should avoid world-writable directories Nick Maclaren (Dec 22)
- Re: Why you should avoid world-writable directories Jason Thorpe (Dec 24)
- Re: Why you should avoid world-writable directories Alan Cox (Dec 24)
- Administrivia Aleph One (Dec 26)
- Nlog 1.1b released - security holes fixed HD Moore (Dec 26)
- referer problems... Spencer Portee - Yard Productions (Dec 26)
- Re: Why you should avoid world-writable directories Jason Thorpe (Dec 24)
- Re: Why you should avoid world-writable directories Bill Paul (Dec 26)
- Re: Why you should avoid world-writable directories Robert Watson (Dec 27)
- Re: Why you should avoid world-writable directories Bill Paul (Dec 26)