From owner-freebsd-hackers  Mon Nov 25 12:03:32 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id MAA05014
          for hackers-outgoing; Mon, 25 Nov 1996 12:03:32 -0800 (PST)
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA04984
          for <hackers@FreeBSD.org>; Mon, 25 Nov 1996 12:03:04 -0800 (PST)
Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.8.2/8.8.2) with SMTP id LAA23947; Mon, 25 Nov 1996 11:53:21 -0800 (PST)
Message-ID: <3299F91F.59E2B600@whistle.com>
Date: Mon, 25 Nov 1996 11:53:03 -0800
From: Julian Elischer <julian@whistle.com>
Organization: Whistle Communications
X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386)
MIME-Version: 1.0
To: Jonathan Lemon <jlemon@americantv.com>
CC: Bill Paul <wpaul@skynet.ctr.columbia.edu>, hackers@FreeBSD.org
Subject: Re: looking for an idea
References: <199611242122.QAA02399@skynet.ctr.columbia.edu> <199611251840.SAA21376@right.PCS>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Jonathan Lemon wrote:
> 
> > semaphore -- Gaaahhh!!). Previously, I also experimented with
> > sending a file descriptor over the AF_UNIX socket from the client
> > to the server using sendmsg()/revcmsg(), but this doesn't provide
> > any useful (i.e. trustworthy) information either. I thought about
> 
> Hm.  I think this is probably the right track.  What you want is some way
> for the process on the other end of the pipe to prove it's identity to the
> server.

I was thinking more along the lines of the ownership of the fifo :)

> 
> How about having the client create a file of mode 000, and then pass that
> open file descriptor back to the server?  Since it's mode 000, only the
> owner of the file could have opened it (or chowned it to 000).  The file can
> either be created randomly by the client, or specified by the server.
> 
> The server can then use the fstat() call on the passed file descriptor to
> verify that the mode is 000, and that the file was indeed opened by the
> remote process.  It also gets the uid from the fstat() call.
> --
> Jonathan