Subject: Re: open_as vs fuid
To: None <firstname.lastname@example.org, email@example.com>
From: Michael Richardson <firstname.lastname@example.org>
Date: 11/05/2000 20:01:23
>>>>> "Todd" == Todd Vierling <email@example.com> writes:
Todd> : I like this.
Todd> : Exactly.
Todd> : And "fuid" as I'll call it, can be implemented in either user space or
Todd> : kernel space (think Linux emulation) in terms of open_as(), but not the
Todd> : converse.
Todd> : fuid may be more secure in the face of buffer overflow attacks, etc.
Todd> Has ANYONE in this thread considered that we already have a possibly more
Todd> secure mechanism for this, that could be combined simultaneously with
Todd> authentication for use by a non-suid program?
Todd> See unix(4) and its description of passing fd's via a "cmsghdr".
Yes, this is a good direction to explore.
BTW, you can use socketpair() as well, I think.
Are you are suggesting that the program wouldn't have need to be setuid in
the first place had it used some server?
Or that one should do:
/* read file name from socket */
/* send file descriptor to parent */
] Train travel features AC outlets with no take-off restrictions| firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [