Date: Sat, 5 May 2001 00:12:11 -0400 From: "William E. Baxter" <web@superscript.com> To: Alfred Perlstein <alfred@freebsd.org> Cc: hackers@freebsd.org, dima@unixfreak.org Subject: Re: Getting peer credentials on a unix domain socket Message-ID: <20010505001211.A27676@zeus.superscript.com> In-Reply-To: <20010504203457.V18676@fw.wintelcom.net>; from alfred@freebsd.org on Fri, May 04, 2001 at 08:34:57PM -0700 References: <20010504214702.A29392@zeus.superscript.com> <20010505032213.3FD923E0B@bazooka.unixfreak.org> <20010504203457.V18676@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 04, 2001 at 08:34:57PM -0700, Alfred Perlstein wrote: > The silly part of it is that the socket's initial credentials > might be different than the holder's credentials. A user calls connect() with one set of credentials, subsequently changes credentials, and writes to the socket. Alternatively, the same user first changes credentials, then calls connect() and writes to the socket. So what? > What makes a lot more sense is packaging the messages with the > credentials using the existing interface rather than trusting > possibly stale credential information. My conditions are: 1. Server can obtain credentials of connect() caller (effective uid and gid suffice). 2. Server can obtain credentials without depending on client to send data. Condition (2) prevents local users from launching an anonymous DoS attack by calling connect() and sending no data. How does your approach satisfy condition (2)? W. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010505001211.A27676>