Who dat?

Glenn Powell gpowell at wizdom.UUCP
Sun Jul 10 01:58:58 AEST 1988


In article <2310 at rtech.rtech.com> daveb at rtech.com (Dave Brower) writes:
>On a single machine, we have a suid server process.  A random client
>program wishes to connect and have the server perform some services. The
>server wants to know who the client is before doing anything. They might
>be communicating with sockets, fifos, msgs, or shared memory.
>
>How can the server find out who the client is, in a spoof-proof and
>secure way?  On BSD, one can have the server ask the client to create a
>randomly-named file, and the server can see who the owner of the file
>is.  On SV, this fails because the client can chown it to be anyone
>else. (The same is true of msgs and shm segments).

You are correct that any SysV user can chown() a file to anyone else. BUT,
if you require that the file be su'id they can't get away with it.  The
chown() call will clear the suid bit when it changes the ownership and
nobody but root can set it on another person's file.

SO, have the client create a file with user execute+suid and no access
for other users.  Make sure that they not only own the file, but have
it set suid.  It is important that there not be any access for other
users (for obvious reasons:).

This does work with named pipes (I just tried it) so it might work
with msgQ's and shared memory.  But, I haven't tried that.  Anybody
know for sure?
      ______    _________	
     / ____/   /__    __/              Glenn Powell
    / /___       /  /                  gpowell at wizdom.UUCP
   /___  /      /  /                   uunet!wizdom!gpowell
  ____/ /    __/  /__        Software Innovations Inc., Kansas City
/______/   /________/        Disclaimer:  These opinions are MINE!
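
The server-side check for the scheme in the message above, as an added example that is not part of the original post. The function name `verify_client_file`, the constructed `/tmp/whodat.XXXXXX` sample file and the single-link test are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* verify_client_file (hypothetical name): returns 0 and stores the file's
 * owner in *owner when `path` satisfies the conditions from the post,
 * -1 otherwise. The server trusts st_uid only when every test passes. */
int verify_client_file(const char *path, uid_t *owner)
{
    struct stat st;

    /* lstat, so a symlink placed at the agreed name is not followed. */
    if (lstat(path, &st) != 0)
        return -1;
    /* The post reports the scheme for plain files and named pipes. */
    if (!S_ISREG(st.st_mode) && !S_ISFIFO(st.st_mode))
        return -1;
    /* Set-uid plus user execute: chown() clears the set-uid bit and only
     * root can set it again on a file owned by someone else. */
    if (!(st.st_mode & S_ISUID) || !(st.st_mode & S_IXUSR))
        return -1;
    /* No access of any kind for group or other. */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;
    /* Assumption, not from the post: the name must be the only link. */
    if (st.st_nlink != 1)
        return -1;
    *owner = st.st_uid;
    return 0;
}

int main(void)
{
    char path[] = "/tmp/whodat.XXXXXX";   /* constructed sample file */
    uid_t who = (uid_t)-1;
    int fd = mkstemp(path);               /* stands in for the client */

    if (fd < 0)
        return 1;
    close(fd);
    chmod(path, S_ISUID | S_IXUSR);       /* mode 04100, as the post asks */
    if (verify_client_file(path, &who) == 0)
        printf("client is uid %ld\n", (long)who);
    unlink(path);
    return 0;
}
```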



More information about the Comp.unix.wizards mailing list