Re: Extended SCM_RIGHTS for AF_UNIX sockets

Jens-Uwe Mager (jum@anubis.han.de)
Wed, 24 Jul 1996 19:00:51 GMT


In article <9607221601.AA11176@gnu.mc.xerox.com>, "Marty Leisner"
<leisner@sdsp.mc.xerox.com> wrote:

> >
> > We can now pass file descriptors down Unix domain sockets with
> > an SCM_RIGHTS control messages in sendmsg() but can't easily
> > tell for *certain* who sent them to us. [Guesses made via
> > getpeername and stat are subject to minor attacks.] SysV file
> > descriptor passing uses a STREAMS I_SENDFD and the receiver gets
> > the sender's euid and egid. I'd like to add something like
> > SCM_XRIGHTS to Linux which would behaves like SCM_RIGHTS on the
> > sender side but the receiver gets a control message containing:
> > uid_t uid;
> > gid_t gid;
> > pid_t pid;
> > int fd[...];
> > instead of just the array of descriptors. Notice that the trivial
> > case is also useful. The sender can send zero file descriptors with
> > SCM_RIGHTS and the receiver can verify who sent the message, both
> > uid/gid and the PID of the sender. Would anyone mind if I added this
> > extension?
> >
>
> I don't see why its necessary...you can devise a protocol where this
> information
> is in the data field...
>
> Passing fds have to be buy cooperating applications...you can put in id's with
> the data if you want to ...but you can spoof it...
>
> Note I have no experience where we want to do this...

You can easily pass a file descriptor to a file opened read/write with
mode 0600 to a server application, the server app can then use fstat to
find the credentials.
______________________________________________________________________________
Jens-Uwe Mager jum@anubis.han.de
30177 Hannover jum@helios.de
Brahmsstr. 3 Tel.: +49 511 660238