Date: Mon, 7 May 2001 11:39:09 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Alfred Perlstein <alfred@FreeBSD.ORG>, Dima Dorfman <dima@unixfreak.org>, "William E. Baxter" <web@superscript.com>, <hackers@FreeBSD.ORG>
Subject: Re: Getting peer credentials on a unix domain socket
Message-ID: <Pine.BSF.4.31.0105071134280.38063-100000@achilles.silby.com>
In-Reply-To: <xzpae4pzzj2.fsf@flood.ping.uio.no>

On 7 May 2001, Dag-Erling Smorgrav wrote:

> Alfred Perlstein <alfred@FreeBSD.ORG> writes:
> > The silly part of it is that the socket's initial credentials
> > might be different than the holder's credentials.
>
> That's a feature, just like you can open /dev/io as root, then drop
> root privs and do direct I/O to your heart's content even if you're no
> longer root.
>
> DES

That feature is undesirable in some places, however. As an example, sockets passed from a daemon running as root to child processes as nobody still have root privs on the sockets. As such, you can't use sbsize limiting or ipfw's uid-based tracking on apache and presumably any other root spawning, priv dropping daemons. Patching the net code to drop the privs to match those of the accepting connection was easy, though I didn't test enough to check if it broke the /dev/io case or others.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message