Date: Fri, 8 Jan 1999 16:42:48 +0300
From: Vadim Kolontsov
To: Eivind Eklund
Cc: Guido van Rooij, Don Lewis, freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
Message-ID: <19990108164248.A10764@tversu.ru>
References: <199901060039.QAA13314@salsa.gv.tsc.tdk.com> <19990106094701.A28727@tversu.ru> <19990107214242.A1721@gvr.org> <19990108141005.F348@follo.net>
In-Reply-To: <19990108141005.F348@follo.net>; from Eivind Eklund on Fri, Jan 08, 1999 at 02:10:05PM +0100

Hi,

On Fri, Jan 08, 1999 at 02:10:05PM +0100, Eivind Eklund wrote:
> I think we need to fix the interface here; forcing the client to 'give
> ID' is IMO bad for security (it is somewhat good for privacy,
> though...)

Currently only client can initiate credentials transfer (using sendmsg()
and SCM_CRED). Maybe we can add a socket option (like SO_LOCALCREDS); so
server would be able to set it on the socket and use recvmsg() instead of
recvfrom(). In uipc_send (kern/uipc_usrreq.c) we can check not only for
SCM_CRED in sender's msg_flags, but for SO_LOCALCREDS on target socket too.
So SCM_CREDS scheme will become symmetrical.
And usable for syslogd :)

Regards,
V.
-- 
Vadim Kolontsov
Tver Internet Center NOC