[8798] in bugtraq
Re: Why you should avoid world-writable directories
daemon@ATHENA.MIT.EDU (Martin Forssen)
Wed Dec 23 18:41:41 1998
Date: Wed, 23 Dec 1998 11:20:27 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Martin Forssen <maf@FIREDOOR.SE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m0zsRlk-0007U1C@the-village.bc.nu>

On Tue, 22 Dec 1998, Alan Cox wrote:
> > world-writable directories. The security community would love to see
> > another portable IPC mechanism offering guaranteed user identification.
> > (I suggest that kernels add a getpeeruid() system call, showing the real
> > uid that called connect(), for UNIX-domain sockets and for loopback TCP
> > sockets.) However, while we're waiting, we need a few setuid programs.
>
> getpeeruid() has a problem since multiple processes may write to one
> datagram socket, also processes can change uid and file handles can be
> passed around.
>
> Both recent *BSD and Linux 2.1.x have per message authentication data
> for AF_UNIX sockets that is available as a control message (i.e. you can
> get it via recvmsg()).

One candidate for this IPC mechanism is the doors API on Solaris. It is
fast and has a call where the server can get the credentials of the
caller. There is an alpha-quality implementation for Linux available.
See http://www.rampant.org/doors for more information.

/MaF
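
The per-message credentials mentioned in the quoted text, as an added example that is not part of the original thread: two processes write to one AF_UNIX datagram socket and the receiver attributes each message through the recvmsg() control data. It assumes a current Linux kernel (SO_PASSCRED, SCM_CREDENTIALS, struct ucred as pid/uid/gid); the names recv_with_creds and demo and the message payloads are constructed for illustration.

```python
import os
import socket
import struct

# Assumed layout of Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
UCRED = struct.Struct("iII")


def recv_with_creds(sock):
    """Receive one datagram plus the sender credentials the kernel attached."""
    data, ancdata, _flags, _addr = sock.recvmsg(
        4096, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            pid, uid, gid = UCRED.unpack(cdata[:UCRED.size])
            return data, {"pid": pid, "uid": uid, "gid": gid}
    return data, None  # no credentials: treat the message as unauthenticated


def demo():
    """Two processes share one sending socket; each message is attributed."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Must be enabled on the receiver before the messages are sent.
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)

    tx.send(b"from parent")
    child = os.fork()
    if child == 0:            # the child inherits tx: same socket, new sender
        tx.send(b"from child")
        os._exit(0)
    os.waitpid(child, 0)      # both datagrams are queued once the child exits

    results = [recv_with_creds(rx) for _ in range(2)]
    rx.close()
    tx.close()
    return child, results


if __name__ == "__main__":
    child_pid, messages = demo()
    for payload, cred in messages:
        print(payload, cred)
```

The two messages arrive on the same socket with different pids, which is why a single per-socket peer uid cannot identify the sender of a datagram while the per-message control data can.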