Subject: Re: suid helper to verify own passwd
To: None <tech-security@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: tech-security
Date: 12/22/2006 03:24:58

Thor Lancelot Simon wrote:
> Can you actually propose a specific example where checking the ruid of
> the helper executable would not help, but checking the socket credentials
> would?

Yes, if the other side of the socket has privileges that can be verified.
After reading the original thread on tech-userlevel, I assume that the other
side of the socket does not have any specific privileges, i.e., it's not a
setgid or setuid executable.

I can think of another example though. Consider a setuid-executable which is a
helper to obtain a privileged socket as an unprivileged user using file
descriptor passing over an anonymous unix domain socket. You don't want any
program run by the user to be able to use this helper. So you could make the program
in question a set-gid executable. The helper would check for this group and
thus indirectly limit use of it to this executable. The set-gid and set-uid
bits also take care that the file descriptor cannot be hijacked with ptrace or
the like.

-- 
Christian
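
The second arrangement described in the message above, as an added C example that is not code from the thread. It assumes the set-gid client execs the setuid helper with one end of a socketpair inherited, so the helper sees the client's group as its own effective gid; `helper_hand_over`, `recv_fd` and `struct fdmsg` are hypothetical names, and creating the privileged socket itself is left out (the descriptor is passed in as `priv_fd`).

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One data byte plus control space for exactly one descriptor. */
struct fdmsg {
    char byte;
    struct iovec iov;
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    struct msghdr msg;
};

static void fdmsg_init(struct fdmsg *m)
{
    memset(m, 0, sizeof *m);
    m->iov = (struct iovec){ .iov_base = &m->byte, .iov_len = 1 };
    m->msg.msg_iov = &m->iov;
    m->msg.msg_iovlen = 1;
    m->msg.msg_control = m->ctl.buf;
    m->msg.msg_controllen = sizeof m->ctl.buf;
}

/* Helper side (assumed policy): refuse unless the effective gid inherited
 * from the caller is the allowed group, then pass priv_fd via SCM_RIGHTS. */
int helper_hand_over(int chan, int priv_fd, gid_t allowed_gid)
{
    struct fdmsg m;
    if (getegid() != allowed_gid)
        return -1;
    fdmsg_init(&m);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m.msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &priv_fd, sizeof priv_fd);
    return sendmsg(chan, &m.msg, 0) == 1 ? 0 : -1;
}

/* Client side: returns the received descriptor, or -1 if none arrived. */
int recv_fd(int chan)
{
    struct fdmsg m;
    int fd = -1;
    fdmsg_init(&m);
    if (recvmsg(chan, &m.msg, 0) != 1)
        return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m.msg);
    if (c == NULL || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
        return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
```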