Subject: Re: open_as vs fuid
To: matthew green <>
From: Andrew Brown <>
List: tech-kern
Date: 11/06/2000 00:06:06
>   Has ANYONE in this thread considered that we already have a possibly more
>   secure mechanism for this, that could be combined simultaneously with
>   authentication for use by a non-suid program?
>   See unix(4) and its description of passing fd's via a "cmsghdr".
>how does this fix ping & traceroute as they currently stand?

they could be changed to do this:

main(int argc, char *argv[])
	/* various declarations */
	int p[2];
	switch (fork()) {
	case -1:	err(1, "fork");
	case 0:		close(p[1]); suid_function(); exit(0);
	default:	close(p[0]); setuid(getuid()); break;

and then it could repeatedly ask for the sockets that it needs,
without you having to audit anything except suid_function().

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."