Date: Mon, 25 Aug 2003 14:07:31 -0700 (PDT)
Message-Id: <200308252107.h7PL7V9I097307@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 36911 for review

http://perforce.freebsd.org/chv.cgi?CH=36911

Change 36911 by rwatson@rwatson_paprika on 2003/08/25 14:06:49

Cleanup to general socket description, and System V IPC namespace discussion.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/arch-handbook/secarch/chapter.sgml#3 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/arch-handbook/secarch/chapter.sgml#3 (text+ko) ====

@@ -1817,10 +1817,20 @@ Individual protocols implement protections appropriate to their namespaces and semantics, including controlling access to the namespace, read and write privileges, etc. + Namespaces may be local, such as the file system namespace, + or be distributed across many nodes, as is the case with the + IPv4 network implementation. As sockets are referenced by file descriptors, they may be inheritted across fork() and exec() operations, as well as passed to other processes using UNIX Domain Socket file - descriptor passing. + descriptor passing. + In some situations, a reference to a socket via a file + descriptor is sufficient to authorize use of the socket by + a process; in others, the process must also have appropriate + privilege by virtue of its process credential. + As such, processes with access to sockets, as with other + objects, should take care to permit only authorized processes + to gain access to the sockets. 
@@ -1845,18 +1855,12 @@ references to the object cannot be created, however. Objects may also be created with the IPC_PRIVATE name, specifying that they should not be accessible to any other - processes. - - -Three kinds of System V IPC objects: semaphores, message queues, and -shared memory segments. - -Other than preventing collisions for live objects, no protections are -placed on the namespace itself, which may permit denial of service or -spoofing attacks to take place; unfortunately, this is a property of -the industry-standard APIs that is not easily corrected without -polyinstantiation. - + processes. + As the System V IPC namespace is not controlled, applications + may be subject to spoofing, reuse, and race attacks by + other processes who have equal ability to modify the + namespace; unfortunately, this is a property of the + industry-standard API that is not easily corrected. Each object has an ipc permissions object, holding creator uid, creator gid, owner uid and owner gid.
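
Review bot: In the @@ -1817,10 +1817,20 @@ hunk, the added sentence "In some situations, a reference to a socket via a file descriptor is sufficient to authorize use of the socket by a process; in others, the process must also have appropriate privilege" does not say which situations fall on which side, so a reader cannot act on the closing advice to "permit only authorized processes to gain access to the sockets". Suggest naming at least one operation of each kind. Since this is a cleanup of the paragraph, the misspelling "inheritted" in the context line just above the added text could be corrected in the same change. The paired "- descriptor passing." and "+ descriptor passing." lines look identical as shown; if this is a whitespace-only or markup-only change, please confirm it is intended.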
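
Review bot: In the @@ -1845,18 +1855,12 @@ hunk, the replacement text lists "spoofing, reuse, and race attacks" but drops the denial of service risk that the removed lines named, and it also drops the mention of polyinstantiation as the way the uncontrolled namespace could be corrected. If both omissions are deliberate that is fine, otherwise suggest keeping them in the new sentence. The removed line enumerating the three object kinds (semaphores, message queues, and shared memory segments) should stay unless the chapter lists them elsewhere. Minor wording point: "other processes who have equal ability" reads better as "other processes that have equal ability".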