Bugtraq mailing list archives
Re: Why you should avoid world-writable directories
From: thorpej () NAS NASA GOV (Jason Thorpe)
Date: Thu, 24 Dec 1998 00:50:48 -0800
On Wed, 23 Dec 1998 09:28:35 +1100 Darren Reed <avalon () coombs anu edu au> wrote:
> In a way, that is exactly the type of thing he is referring to, BUT, LOCAL_CREDS must be supplied to be received as opposed to just "looked up" with getpeeruid() (my understanding anyway).

Yes, they are a control message. This works well for SOCK_DGRAM, but not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and then never send any data, thus the task wanting the credentials never gets them. I've considered making SOCK_STREAM credentials available once the connect has completed, in the NetBSD implementation.

Jason R. Thorpe              thorpej () nas nasa gov
NASA Ames Research Center    Home: +1 408 866 1912
NAS: M/S 258-5               Work: +1 650 604 0935
Moffett Field, CA 94035      Pager: +1 650 940 5942
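The difference described in the message above, as an added example that is not part of the original post or of the NetBSD code: it assumes a Linux host and uses Linux's analogues, SO_PASSCRED/SCM_CREDENTIALS for credentials carried as a control message and SO_PEERCRED for credentials recorded when the connection is made, rather than NetBSD's LOCAL_CREDS. The function names are illustrative.

```python
import os
import socket
import struct

# Linux struct ucred layout: pid_t pid, uid_t uid, gid_t gid (assumption: Linux host)
UCRED = struct.Struct("iII")


def creds_from_message(sock):
    """Return (pid, uid, gid) taken from a control message, or None if none arrived."""
    try:
        _data, ancdata, _flags, _addr = sock.recvmsg(
            16, socket.CMSG_SPACE(UCRED.size), socket.MSG_DONTWAIT)
    except BlockingIOError:
        # The peer connected but never sent data, so there is no message
        # for the credentials to ride on.
        return None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return UCRED.unpack(cdata[:UCRED.size])
    return None


def creds_from_connection(sock):
    """Return (pid, uid, gid) recorded by the kernel when the connection was set up."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def run(peer_sends_data):
    """Connect a SOCK_STREAM pair; return (message_creds, connection_creds)."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        # Ask the kernel to attach sender credentials to each received message.
        server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        if peer_sends_data:
            client.send(b"x")
        return creds_from_message(server), creds_from_connection(server)


if __name__ == "__main__":
    print("silent peer :", run(peer_sends_data=False))
    print("talking peer:", run(peer_sends_data=True))
```

A server that authorizes on message-borne credentials should therefore put a timeout on the first read, so that a peer that connects and stays silent cannot hold the connection open unauthenticated.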