From: Mike Silbersack
To: Dag-Erling Smorgrav
Cc: Alfred Perlstein, Dima Dorfman, "William E. Baxter"
Date: Mon, 7 May 2001 11:39:09 -0500 (CDT)
Subject: Re: Getting peer credentials on a unix domain socket
Sender: owner-freebsd-hackers@FreeBSD.ORG

On 7 May 2001, Dag-Erling Smorgrav wrote:

> Alfred Perlstein writes:
> > The silly part of it is that the socket's initial credentials
> > might be different than the holder's credentials.
>
> That's a feature, just like you can open /dev/io as root, then drop
> root privs and do direct I/O to your heart's content even if you're no
> longer root.
>
> DES

That feature is undesirable in some places, however. As an example,
sockets passed from a daemon running as root to child processes as
nobody still have root privs on the sockets. As such, you can't use
sbsize limiting or ipfw's uid-based tracking on apache and presumably
any other root spawning, priv dropping daemons.

Patching the net code to drop the privs to match those of the accepting
connection was easy, though I didn't test enough to check if it broke
the /dev/io case or others.

Mike "Silby" Silbersack