Re: Extended SCM_RIGHTS for AF_UNIX sockets
Marty Leisner (leisner@sdsp.mc.xerox.com)
Mon, 22 Jul 1996 09:01:10 PDT
>
> We can now pass file descriptors down Unix domain sockets with
> an SCM_RIGHTS control messages in sendmsg() but can't easily
> tell for *certain* who sent them to us. [Guesses made via
> getpeername and stat are subject to minor attacks.] SysV file
> descriptor passing uses a STREAMS I_SENDFD and the receiver gets
> the sender's euid and egid. I'd like to add something like
> SCM_XRIGHTS to Linux which would behaves like SCM_RIGHTS on the
> sender side but the receiver gets a control message containing:
> uid_t uid;
> gid_t gid;
> pid_t pid;
> int fd[...];
> instead of just the array of descriptors. Notice that the trivial
> case is also useful. The sender can send zero file descriptors with
> SCM_RIGHTS and the receiver can verify who sent the message, both
> uid/gid and the PID of the sender. Would anyone mind if I added this
> extension?
>
I don't see why its necessary...you can devise a protocol where this
information
is in the data field...
Passing fds have to be buy cooperating applications...you can put in id's with
the data if you want to ...but you can spoof it...
Note I have no experience where we want to do this...
--
marty
leisner@sdsp.mc.xerox.com
Member of the League for Programming Freedom