Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 3 Nov 1997 16:19:48 -0800
From:      Don Lewis <Don.Lewis@tsc.tdk.com>
To:        Bill Paul <wpaul@skynet.ctr.columbia.edu>, perhaps@yes.no (Eivind Eklund)
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources)
Message-ID:  <199711040019.QAA10230@salsa.gv.tsc.tdk.com>
In-Reply-To: Bill Paul <wpaul@skynet.ctr.columbia.edu> "Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources)" (Nov  3,  9:52am)
next in thread | previous in thread | raw e-mail | index | archive | help 
On Nov 3,  9:52am, Bill Paul wrote:
} Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - I

} The SCM_CREDS hack will work better. For those who don't know, SCM_CREDS
} is an additional type of ancillary data that you can transmit with
} sendmsg()/recvmsg() via an AF_UNIX socket. It's similar to SCM_RIGHTS
} which, in 4.4BSD, is used to transfer a file descriptor between processes.
} The idea is that the calling process does a sendmsg() with the SCM_CREDS
} flag set and an empty controll emssage buffer, and when the kernel sees 
} this in unp_internalize(), it fills in the empty buffer with the sending
} process's credentials (UID, EUID, GID, other GIDS). When the receiving
} process does a recvmsg(), it gets a copy of the filled-in buffer and
} can use the credential info to determine the identity of the sending
} process and do access checks. If the sender does not set the SCM_CREDS flag
} when it transmits, the receiver can tell and refuse to do business with
} the sender.

I think this would be an interesting way to implement rcmd().  You send
the daemon the various rcmd() arguments, then it gets your credentials
using SCM_CREDS, authenticates you with the remote host, and then passes
back the fd() for the connected socket(s) using SCM_RIGHTS.  This would
eliminate the need for rsh and rlogin to be setuid root.  The only
problem that I see is that if the remote host does an ident check it will
get the wrong information (from the daemon).  I suppose the daemon could
fork and setuid() before doing the connect.

			---  Truck

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711040019.QAA10230>