Re: PID of client requirements

From: Roland McGrath
Subject: Re: PID of client requirements
Date: Thu, 7 Nov 2002 20:41:23 -0500 (EST)

> Something like this is quite right, I think.  But I hope I can think
> of something a little simpler.  Still, if not, then not, and we know
> that the auth protocol strategy does work.

I think I have convinced myself that the issues are precisely identical for
PIDs and UIDs.  That is, POSIX.1 says what you can expect to see, and a
POSIX.1 program can thus be written (and, we can bet, eventually will) so
that spoofing these values can constitute an exploit of that program.

So, if something simpler than the auth handshake suffices for providing
trustable PIDs, then it suffices for trustable UIDs and GIDs too.
