[8846] in bugtraq


Re: Why you should avoid world-writable directories

daemon@ATHENA.MIT.EDU (Alan Cox)
Sat Dec 26 17:30:50 1998

Date: 	Fri, 25 Dec 1998 03:17:41 +0000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199812240850.AAA01583@lestat.nas.nasa.gov> from "Jason Thorpe"
              at Dec 24, 98 00:50:48 am

> Yes, they are a control message.  This works well for SOCK_DGRAM, but
> not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and
> then never send any data, thus the task wanting the credentials never
> gets them.
>
> I've considered making SOCK_STREAM credentials available once the connect
> has completed, in the NetBSD implementation.

That would encourage programmers to make dangerous assumptions.

Consider

        s=socket(blah)
        connect..

        fork

        one side execs a setuid binary

The credential stream code also has to avoid merging two messages into one
recvmsg() when the credential doesn't match. Another problem with some of
these setups is that they pass a pid as part of the "authentication". A pid being
temporary and reassigned (even if randomly) isn't a usable auth token.

Alan
