Subject: Re: TCPCTL_IDENT (Was: CVS commit: src/etc)
To: Noriyuki Soda <email@example.com>
From: Klaus Klein <firstname.lastname@example.org>
Date: 05/02/2003 17:53:06
Noriyuki Soda <email@example.com> writes:
> >>>>> On Fri, 02 May 2003 23:24:58 +1000,
> Simon Burge <firstname.lastname@example.org> said:
> >> And that might open another security problem
> >> because any user can query the owner of any TCP connection now.
> > I don't have any idea of security implications of this. Anyone know
> > better?
> It has been possible before TCPCTL_IDENT, by just using /usr/bin/fstat.
But unlike TCPCTL_IDENT, fstat can be restricted easily by changing
its file permissions (albeit coarsely).