[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC: [PATCH] SCM_CREDS support
|
From: |
Neal H. Walfield |
|
Subject: |
Re: RFC: [PATCH] SCM_CREDS support |
|
Date: |
Thu, 24 Oct 2013 15:48:30 +0200 |
|
User-agent: |
Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Gojō) APEL/10.8 Emacs/23.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) |
At Thu, 24 Oct 2013 15:38:11 +0200,
Svante Signell wrote:
> > Well, the question is quite simple: what happens when the sender
> > provides faked ports, e.g. pointing to other proc/auth servers? That's
> > where having to explain how the patch is working would possibly even
> > work out the security issues.
>
> How could it point to other proc/auth servers? The receiver is using the
> ports of the same proc server. Are you considering more than one
> instance running? This is communication on a local socket, and the
> socket read/write mode is controlling the access to it. In the
> implementation only the same user and root could send. for other users
> the socket permission has to be changed from srw-r--r-- to srw-r--rw-
> Tested by sending as another user.
There is not a check of who opened the socket, but the sender. These
may be different.
Neal
- RFC: [PATCH] SCM_CREDS support, Svante Signell, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support, Samuel Thibault, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support, Svante Signell, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support,
Neal H. Walfield <=
- Re: RFC: [PATCH] SCM_CREDS support, Samuel Thibault, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support, Svante Signell, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support, Samuel Thibault, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support, Svante Signell, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support, Samuel Thibault, 2013/10/24
- Re: RFC: [PATCH] SCM_CREDS support, Svante Signell, 2013/10/24