From owner-freebsd-hackers Fri May 4 20:35: 4 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id E742237B422
	for ; Fri, 4 May 2001 20:35:00 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id f453YvC05837;
	Fri, 4 May 2001 20:34:57 -0700 (PDT)
Date: Fri, 4 May 2001 20:34:57 -0700
From: Alfred Perlstein
To: Dima Dorfman
Cc: "William E. Baxter" , hackers@freebsd.org
Subject: Re: Getting peer credentials on a unix domain socket
Message-ID: <20010504203457.V18676@fw.wintelcom.net>
References: <20010504214702.A29392@zeus.superscript.com> <20010505032213.3FD923E0B@bazooka.unixfreak.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010505032213.3FD923E0B@bazooka.unixfreak.org>; from dima@unixfreak.org on Fri, May 04, 2001 at 08:22:13PM -0700
X-all-your-base: are belong to us.
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Dima Dorfman [010504 20:22] wrote:
>
> Just to expand on that a little more (for others on the list),
> consider crontab(1). It's setuid root right now. Obviously that's
> not good. One way of getting rid of that setuid bit is to have
> cron(8) (or another daemon) listen on a world-writable unix domain
> socket, and have crontab(1) just be a user interface which sends the
> information via that socket. With some mechanism to get the
> credentials of the user that connected, this would be possible.

The silly part of it is that the socket's initial credentials might
be different than the holder's credentials.

What makes a lot more sense is packaging the messages with the
credentials using the existing interface rather than trusting
possibly stale credential information.

-- 
-Alfred Perlstein - [alfred@freebsd.org]
Represent yourself, show up at BABUG http://www.babug.org/
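
The gap between a socket's initial credentials and those of the process actually sending on it, as an added example that is not part of the original message or of FreeBSD's code. It assumes Linux, where SO_PEERCRED gives the connect-time credentials and SO_PASSCRED/SCM_CREDENTIALS gives per-message ones (FreeBSD's unix(4) per-message counterpart is SCM_CREDS); `recv_with_creds` and `demo` are names made up here, and the scenario is constructed.

```python
import os
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid, uid, gid


def recv_with_creds(sock, bufsize=4096):
    """Receive one message plus the kernel-stamped (pid, uid, gid) of its sender.

    Fails closed: a message that arrives without credentials is rejected.
    """
    data, ancdata, flags, _ = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    if flags & socket.MSG_CTRUNC:
        raise PermissionError("control data truncated")
    for level, ctype, cdata in ancdata:
        if (level, ctype) == (socket.SOL_SOCKET, socket.SCM_CREDENTIALS) \
                and len(cdata) == UCRED.size:
            return data, UCRED.unpack(cdata)
    raise PermissionError("message carried no credentials")


def demo():
    """Constructed scenario: one process opens the socket, another sends on it.

    Returns (opener_pid, connect_time_pid, per_message_pid, sender_pid).
    """
    daemon, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    # Ask the kernel to attach the sender's credentials to every message.
    daemon.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    child = os.fork()
    if child == 0:  # a different process now holds the client end
        client.sendall(b"list")
        os._exit(0)
    client.close()
    # Credentials recorded when the socket was set up: the opener's, not the sender's.
    stale = UCRED.unpack(
        daemon.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size))
    payload, fresh = recv_with_creds(daemon)
    os.waitpid(child, 0)
    daemon.close()
    if payload != b"list":
        raise RuntimeError("unexpected payload")
    return os.getpid(), stale[0], fresh[0], child
```

A daemon that authorizes on the connect-time value would attribute the request to the opener; the per-message value names the process that actually sent it.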