[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PID of client requirements
|
From: |
Roland McGrath |
|
Subject: |
Re: PID of client requirements |
|
Date: |
Thu, 7 Nov 2002 20:41:23 -0500 (EST) |
> Something like this is quite right, I think. But I hope I can think
> of something a little simpler. Still, if not, then not, and we know
> that the auth protocol strategy does work.
I think I have convinced myself that the issues are precisely identical for
PIDs and UIDs. That is, POSIX.1 says what you can expect to see, and a
POSIX.1 program can thus be written (and, we can bet, eventually will) so
that spoofing these values can constitute an exploit of that program.
So, if something simpler than the auth handshake suffices for providing
trustable PIDs, then it suffices for trustable UIDs and GIDs too.
- PID of client requirements, Marcus Brinkmann, 2002/11/04
- Re: PID of client requirements, Thomas Bushnell, BSG, 2002/11/04
- Re: PID of client requirements, Neal H. Walfield, 2002/11/04
- Re: PID of client requirements, Thomas Bushnell, BSG, 2002/11/05
- Re: PID of client requirements, Marcus Brinkmann, 2002/11/05
- Re: PID of client requirements, Thomas Bushnell, BSG, 2002/11/06
- Re: PID of client requirements, Marcus Brinkmann, 2002/11/06
- Re: PID of client requirements, Thomas Bushnell, BSG, 2002/11/07
- Re: PID of client requirements,
Roland McGrath <=