Subject: Re: open_as vs fuid
From: Michael Richardson (mcr sandelman.ottawa.on.ca)
Date: Sun Nov 05 2000 - 19:01:23 CST
- Next message: Alistair G. Crooks: "Changes to the NetBSD Packages Collection in October 2000"
- Previous message: Jean-Christophe Pari: "How to unsubscribe ?"
- In reply to: Todd Vierling: "Re: open_as vs fuid"
- Next in thread: Todd Vierling: "Re: open_as vs fuid"
- Next in thread: Thor Lancelot Simon: "Re: $HOSTALIASES thing."
- Reply: Michael Richardson: "Re: open_as vs fuid"
- Reply: Todd Vierling: "Re: open_as vs fuid"
>>>>> "Todd" == Todd Vierling <tv wasabisystems.com> writes:
Todd> :
Todd> : I like this.
Todd> : Exactly.
Todd> : And "fuid" as I'll call it, can be implemented in either user space or
Todd> : kernel space (think Linux emulation) in terms of open_as(), but not the
Todd> : converse.
Todd> : fuid may be more secure in the face of buffer overflow attacks, etc.
Todd> Has ANYONE in this thread considered that we already have a possibly more
Todd> secure mechanism for this, that could be combined simultaneously with
Todd> authentication for use by a non-suid program?
Todd> See unix(4) and its description of passing fd's via a "cmsghdr".
Yes, this is a good direction to explore.
BTW, you can use socketpair() as well, I think.
Are you suggesting that the program wouldn't have needed to be setuid in
the first place had it used some server?
Or that one should do:
    if(fork()==0) {
        setuid(getuid());
        /* read file name from socket */
        open(filename);
        /* send file descriptor to parent */
    }
] Train travel features AC outlets with no take-off restrictions| firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
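
The fork-and-pass-the-descriptor idea sketched in the message above, written out with socketpair() and an SCM_RIGHTS "cmsghdr" as an added example (not code from the post or from NetBSD). The names open_as_user, send_fd and recv_fd are hypothetical; as assumptions, the child inherits the path across fork() rather than reading it from the socket, and the file is opened read-only.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

static int send_fd(int sock, int fd) {   /* fd < 0 sends a failure byte only */
    union { char b[CMSG_SPACE(sizeof(int))]; struct cmsghdr a; } u = { { 0 } };
    char ok = fd >= 0;
    struct iovec iov = { &ok, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (fd >= 0) {
        msg.msg_control = u.b; msg.msg_controllen = sizeof u.b;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

static int recv_fd(int sock) {           /* returns the received fd or -1 */
    union { char b[CMSG_SPACE(sizeof(int))]; struct cmsghdr a; } u;
    char ok = 0; int fd = -1;
    struct iovec iov = { &ok, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.b, .msg_controllen = sizeof u.b };
    if (recvmsg(sock, &msg, 0) != 1 || !ok) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Hypothetical helper: open path with the real uid/gid's rights only. */
int open_as_user(const char *path) {
    int sv[2], fd;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                      /* child: drop privileges, then open */
        close(sv[0]);
        if (setgid(getgid()) || setuid(getuid())) _exit(1);
        _exit(send_fd(sv[1], open(path, O_RDONLY)) ? 1 : 0);
    }
    close(sv[1]);                        /* so a dead child reads as EOF */
    fd = recv_fd(sv[0]);
    close(sv[0]); waitpid(pid, NULL, 0);
    return fd;
}
```

The permission check happens in the child after the privilege drop, so the parent only ever receives a descriptor the invoking user could have opened; a failed setuid() or open() reaches the parent as -1.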