Date: Wed, 27 Nov 1996 14:09:21 -0800
From: Julian Elischer <julian@whistle.com>
To: "Hr.Ladavac" <lada@ws2301.gud.siemens.co.at>
Cc: wpaul@skynet.ctr.columbia.edu, terry@lambert.org, sprice@hiwaay.net, hackers@freebsd.org
Subject: Re: looking for an idea
Message-ID: <329CBC11.59E2B600@whistle.com>
References: <199611271305.AA071569903@ws2301.gud.siemens.co.at>

Hr.Ladavac wrote:
>
> E-mail message from Julian Elischer contained:
> > Bill Paul wrote:
> > >
> > >
> >
> > If YOU (the server) are root....
> >
> > make a file owned by them mode 400
> > require them to open it and send you the file descriptor via AF_UNIX
> >
> > check it matches..
> > if it does, then
> > 1/ they are themselves
> > or
> > 2/ they are root (game over)
>
> Or
> 3) they made a hard link, opened that, and sent you the
>    file descriptor.

hard links have the same ownership as the original!
and only the owner can make one anyhow, so they have to be the correct
user to do this....

>
> The only protection against that is a partition writable only
> by root where these files are to live--almost as bad as
> procfs.
>
> /Marino
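The check described in the message above, sketched as an added example (not code from the thread): the client passes its open descriptor with SCM_RIGHTS, and the server compares fstat() of what arrived against the token file it created. The function names are hypothetical, and comparing by device and inode is an assumption about what "check it matches" means.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Control buffer sized and aligned for exactly one descriptor. */
union fdctl { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; };

/* Client: pass an open descriptor over an AF_UNIX socket (SCM_RIGHTS). */
int send_fd(int sock, int fd) {
    char byte = 0;
    union fdctl ctl = {0};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Server: receive one descriptor, or -1 if none was attached. */
int recv_fd(int sock) {
    char byte;
    union fdctl ctl;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    int fd = -1;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Server: "check it matches". The descriptor must refer to the same device
 * and inode as the token, a regular file owned by uid with mode 0400. */
int fd_matches_token(int fd, const char *token, uid_t uid) {
    struct stat got, want;
    if (fd < 0 || fstat(fd, &got) != 0 || lstat(token, &want) != 0) return 0;
    return S_ISREG(want.st_mode) && got.st_dev == want.st_dev &&
           got.st_ino == want.st_ino && got.st_uid == uid &&
           (got.st_mode & 07777) == 0400;
}
```

A descriptor opened through a hard link to the token passes the same check, because the link shares the token's inode and ownership; that is the case debated in the message above.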