Subject: Re: suid helper to verify own passwd
To: Christian Biere <christianbiere@gmx.de>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 12/21/2006 21:32:50

On Fri, Dec 22, 2006 at 03:24:58AM +0100, Christian Biere wrote:
> Thor Lancelot Simon wrote:
> > Can you actually propose a specific example where checking the ruid of
> > the helper executable would not help, but checking the socket credentials
> > would?
> 
> Yes, if the other side of the socket has privileges that can be verified.
> After reading the original thread on tech-userlevel I assume that the other
> side of the socket has not any specific privileges i.e., it's not a setgid-
> or setuid-executable.

Let me try again: can you propose a concrete example where checking the
ruid of the helper executable would not help, but checking the socket
credentials would, in the actual application we are discussing, which is
password validation by a PAM or NSS helper routine?

Thor