Date: Fri, 4 May 2001 20:34:57 -0700
From: Alfred Perlstein <alfred@freebsd.org>
To: Dima Dorfman <dima@unixfreak.org>
Cc: "William E. Baxter" <web@superscript.com>, hackers@freebsd.org
Subject: Re: Getting peer credentials on a unix domain socket
Message-ID: <20010504203457.V18676@fw.wintelcom.net>
In-Reply-To: <20010505032213.3FD923E0B@bazooka.unixfreak.org>; from dima@unixfreak.org on Fri, May 04, 2001 at 08:22:13PM -0700
References: <20010504214702.A29392@zeus.superscript.com> <20010505032213.3FD923E0B@bazooka.unixfreak.org>

* Dima Dorfman <dima@unixfreak.org> [010504 20:22] wrote:
>
> Just to expand on that a little more (for others on the list),
> consider crontab(1). It's setuid root right now. Obviously that's
> not good. One way of getting rid of that setuid bit is to have
> cron(8) (or another daemon) listen on a world-writable unix domain
> socket, and have crontab(1) just be a user interface which sends the
> information via that socket. With some mechanism to get the
> credentials of the user that connected, this would be possible.

The silly part of it is that the socket's initial credentials might be
different than the holder's credentials.

What makes a lot more sense is packaging the messages with the
credentials using the existing interface rather than trusting possibly
stale credential information.

-- 
-Alfred Perlstein - [alfred@freebsd.org]
Represent yourself, show up at BABUG http://www.babug.org/