RPC == setuid procedure call?
Randy Orrison
randy at umn-cs.cs.umn.edu
Wed Aug 24 01:28:46 AEST 1988
I'm starting to learn about RPC for a project we're working on here, and I've
come up with a question:
Is local RPC (i.e. Remote Procedure Call to a server on the local
host) usable as a setuid procedure call?
It seems to me that if the RPC server is running as uid root, and you make an
RPC to it, it should be able to do things for you, as root. Is there a
problem with this? (Other than the obvious one of validating the caller
for what he wants done!)
Is this difficulty severe enough that only root should be allowed to make
RPCs to a RPC server running as root?
All help appreciated!
--------
off the subject: I asked earlier what Sun OS people were running, and got a
request for a summary after I had thrown away quite a few letters. The
majority of sites were running 3.x, only a couple were running 4.0. Most
were waiting for 4.0 to settle down before trying the switch.
--
Randy Orrison Control Data in the Hills of Arden, MN
{bungia, uunet!hi-csc, rutgers, sun}!umn-cs!randy randy at ux.acss.umn.edu
More information about the Comp.unix.wizards
mailing list