Subject: Re: open_as vs fuid
From: Michael Richardson <>
List: tech-kern
Date: 11/05/2000 20:01:23
>>>>> "Todd" == Todd Vierling <> writes:
    Todd> : 
    Todd> :   I like this.

    Todd> :   Exactly.
    Todd> :   And "fuid" as I'll call it, can be implemented in either user space or
    Todd> : kernel space (think Linux emulation) in terms of open_as(), but not the
    Todd> : converse.
    Todd> :   fuid may be more secure in the face of buffer overflow attacks, etc.

    Todd> Has ANYONE in this thread considered that we already have a possibly more
    Todd> secure mechanism for this, that could be combined simultaneously with
    Todd> authentication for use by a non-suid program?

    Todd> See unix(4) and its description of passing fd's via a "cmsghdr".

  Yes, this is a good direction to explore.
  BTW, you can use socketpair() as well, I think.

  Are you suggesting that the program wouldn't have needed to be setuid in
the first place had it used some server?
  Or that one should do:
     if(fork()==0) {
         /* read file name from socket */
         /* send file descriptor to parent */
] Train travel features AC outlets with no take-off restrictions|  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [