Date: Mon, 3 Nov 1997 16:19:48 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Bill Paul <wpaul@skynet.ctr.columbia.edu>, perhaps@yes.no (Eivind Eklund) Cc: hackers@FreeBSD.ORG Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources) Message-ID: <199711040019.QAA10230@salsa.gv.tsc.tdk.com> In-Reply-To: Bill Paul <wpaul@skynet.ctr.columbia.edu> "Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources)" (Nov 3, 9:52am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 3, 9:52am, Bill Paul wrote: } Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - I } The SCM_CREDS hack will work better. For those who don't know, SCM_CREDS } is an additional type of ancillary data that you can transmit with } sendmsg()/recvmsg() via an AF_UNIX socket. It's similar to SCM_RIGHTS } which, in 4.4BSD, is used to transfer a file descriptor between processes. } The idea is that the calling process does a sendmsg() with the SCM_CREDS } flag set and an empty controll emssage buffer, and when the kernel sees } this in unp_internalize(), it fills in the empty buffer with the sending } process's credentials (UID, EUID, GID, other GIDS). When the receiving } process does a recvmsg(), it gets a copy of the filled-in buffer and } can use the credential info to determine the identity of the sending } process and do access checks. If the sender does not set the SCM_CREDS flag } when it transmits, the receiver can tell and refuse to do business with } the sender. I think this would be an interesting way to implement rcmd(). You send the daemon the various rcmd() arguments, then it gets your credentials using SCM_CREDS, authenticates you with the remote host, and then passes back the fd() for the connected socket(s) using SCM_RIGHTS. This would eliminate the need for rsh and rlogin to be setuid root. The only problem that I see is that if the remote host does an ident check it will get the wrong information (from the daemon). I suppose the daemon could fork and setuid() before doing the connect. --- Truck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711040019.QAA10230>