Thor Lancelot Simon wrote:
> On Fri, Dec 22, 2006 at 03:24:58AM +0100, Christian Biere wrote:
> > Thor Lancelot Simon wrote:
> > > Can you actually propose a specific example where checking the ruid of
> > > the helper executable would not help, but checking the socket credentials
> > > would?
> > 
> > Yes, if the other side of the socket has privileges that can be verified.
> > After reading the original thread on tech-userlevel I assume that the other
> > side of the socket has not any specific privileges i.e., it's not a setgid-
> > or setuid-executable.
> 
> Let me try again: can you propose a concrete example where checking the
> ruid of the helper executable would not help, but checking the socket
> credentials would, in the actual application we are discussing, which is
> password validation by a PAM or NSS helper routine?

If one wants to limit the use of this helper to programs which are supposed to
make use of it, you could make them set-gid "may-use-passwd-helper". The helper
could check for this group using the credentials. In this simple case it might
as well use getgid() or getegid().

-- 
Christian