[8846] in bugtraq
Re: Why you should avoid world-writable directories
daemon@ATHENA.MIT.EDU (Alan Cox)
Sat Dec 26 17:30:50 1998
Date: Fri, 25 Dec 1998 03:17:41 +0000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199812240850.AAA01583@lestat.nas.nasa.gov> from "Jason Thorpe"
at Dec 24, 98 00:50:48 am
> Yes, they are a control message. This works well for SOCK_DGRAM, but
> not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and
> then never send any data, thus the task wanting the credentials never
> gets them.
>
> I've considered making SOCK_STREAM credentials available once the connect
> has completed, in the NetBSD implementation.
That would encourage programmers to make dangerous assumptions.
Consider
s=socket(blah)
connect..
fork
one side execs a setuid binary
The credential stream code also has to avoid merging two messages into one
recvmsg() when the credential doesnt match. Another problem with some of
these setups is the pass a pid as part of the "authentication". A pid being
temporary and reassigned (even if randomly) isnt a usable auth token
Alan