[8820] in bugtraq
Re: Why you should avoid world-writable directories
daemon@ATHENA.MIT.EDU (Jason Thorpe)
Thu Dec 24 20:31:57 1998
Date: Thu, 24 Dec 1998 00:50:48 -0800
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jason Thorpe <thorpej@NAS.NASA.GOV>
To: BUGTRAQ@NETSPACE.ORG
On Wed, 23 Dec 1998 09:28:35 +1100
Darren Reed <avalon@coombs.anu.edu.au> wrote:
> In a way, that is exactly the type of thing he is referring to, BUT,
> LOCAL_CREDS must be supplied to be received as opposed to just "looked up"
> with getpeeruid() (my understanding anyway).
Yes, they are a control message. This works well for SOCK_DGRAM, but
not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and
then never send any data, thus the task wanting the credentials never
gets them.
I've considered making SOCK_STREAM credentials available once the connect
has completed, in the NetBSD implementation.
Jason R. Thorpe thorpej@nas.nasa.gov
NASA Ames Research Center Home: +1 408 866 1912
NAS: M/S 258-5 Work: +1 650 604 0935
Moffett Field, CA 94035 Pager: +1 650 940 5942
