bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC: [PATCH] SCM_CREDS support


From: Neal H. Walfield
Subject: Re: RFC: [PATCH] SCM_CREDS support
Date: Thu, 24 Oct 2013 15:48:30 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Goj┼Ź) APEL/10.8 Emacs/23.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)

At Thu, 24 Oct 2013 15:38:11 +0200,
Svante Signell wrote:
> > Well, the question is quite simple: what happens when the sender
> > provides faked ports, e.g. pointing to other proc/auth servers?  That's
> > where having to explain how the patch is working would possibly even
> > work out the security issues.
> 
> How could it point to other proc/auth servers? The receiver is using the
> ports of the same proc server. Are you considering more than one
> instance running? This is communication on a local socket, and the
> socket read/write mode is controlling the access to it. In the
> implementation only the same user and root could send. for other users
> the socket permission has to be changed from srw-r--r-- to srw-r--rw-
> Tested by sending as another user.

There is not a check of who opened the socket, but the sender.  These
may be different.

Neal



reply via email to

[Prev in Thread] Current Thread [Next in Thread]