Re: suidpid( UID, credential? ) ? secure IPC?

Jochen Friedrich (jochen@scram.de)
Mon, 06 Oct 1997 12:16:53 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: news: "Re: suidpid( UID, credential? ) ? secure IPC?"
Previous message: Abhijit Lahiri: "Re: Weirdnes!"
Maybe in reply to: Jim Dennis: "suidpid( UID, credential? ) ? secure IPC?"
Next in thread: news: "Re: suidpid( UID, credential? ) ? secure IPC?"

kwrohrer@enteract.com wrote:
>
> And lo, Jim Dennis saith unto me:
> > I was wondering if there is any mechanism for having some
> > process (a daemon or kernel module perhaps) "touch" a process
> > and set its *real* UID to a different value.
> Probably not.
>
> > Would it make sense to add a suidpid() call?
> What happens if, after authentication, the process dies and another
> process pops up with the same PID? Hard to do nowadays, but I don't
> believe it's guaranteed impossible, especially given some way of
> bogging the authenticator down at the right moment...

I don´t see this problem when the kernel handles this problem:
- program calls kernel seteuid_auth(authinfo)
- kernel blocks program and passes authinfo to authenticator
- authenticator verifies authinfo and passes back status
- kernel changes euid (or responds with error) of program
- kernel releases program.

A process can´t be killed while it is blocked in the kernel.
The kernel would need to check the authenticator and i.e. signal
init if the authenticator dies.

My $0.02.

Jochen

Next message: news: "Re: suidpid( UID, credential? ) ? secure IPC?"
Previous message: Abhijit Lahiri: "Re: Weirdnes!"
Maybe in reply to: Jim Dennis: "suidpid( UID, credential? ) ? secure IPC?"
Next in thread: news: "Re: suidpid( UID, credential? ) ? secure IPC?"