Who dat?

John F. Haugh II jfh at rpp386.UUCP
Sun Jul 10 09:03:47 AEST 1988


In article <2310 at rtech.rtech.com> daveb at rtech.com (Dave Brower) writes:
>How can the server find out who the client is, in a spoof-proof and
>secure way?  On BSD, one can have the server ask the client to create a
>randomly-named file, and the server can see who the owner of the file
>is.  On SV, this fails because the client can chown it to be anyone
>else. (The same is true of msgs and shm segments).
>
>Oh wise and knowledgeable Wizards, what is a Way?

have the client create a file with the suid and sgid bits set.  you
can't chown a file after setting those bits without having some of
them cleared.  the documentation for chown(2) specifies that the SUID
and SGID bits are cleared if either owner or group are changed.

this should be fully foolproof.

- john.
-- 
John F. Haugh II                 +--------- Cute Chocolate Quote ---------
HASA, "S" Division               | "USENET should not be confused with
UUCP:   killer!rpp386!jfh        |  something that matters, like CHOCOLATE"
DOMAIN: jfh at rpp386.uucp          |             -- with my apologies
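
The check described in the reply above, as an added example that is not part of the original post: the client sets both bits on the file the server named, and the server accepts the file's owner only while both bits are still set. The function names and the sample path are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Client side (hypothetical helper): create the file the server named and
 * set both the setuid and setgid bits. Returns 0 on success, -1 on error. */
int client_mark_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* fchmod after creation so the umask cannot strip the bits. */
    int rc = fchmod(fd, S_ISUID | S_ISGID | 0600);
    close(fd);
    return rc;
}

/* Server side (hypothetical helper): take the owner as the client identity
 * only if both bits survive, since chown(2) clears them. Returns 0 and
 * stores the uid, or -1 if the file is missing, is not a regular file
 * (lstat does not follow symlinks), or has lost either bit. */
int server_identify_client(const char *path, uid_t *uid_out)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if ((st.st_mode & (S_ISUID | S_ISGID)) != (S_ISUID | S_ISGID))
        return -1;
    *uid_out = st.st_uid;
    return 0;
}

int main(void)
{
    const char *path = "/tmp/whodat-demo.tmp";  /* constructed sample name */
    uid_t uid;
    unlink(path);
    if (client_mark_file(path) == 0 && server_identify_client(path, &uid) == 0)
        printf("client is uid %ld\n", (long)uid);
    else
        printf("identity not established\n");
    unlink(path);
    return 0;
}
```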


