From owner-freebsd-hackers Tue Nov 26 01:26:22 1996
From: "Hr.Ladavac"
Message-Id: <199611260923.AA137920219@ws2301.gud.siemens.co.at>
Subject: Re: looking for an idea
To: jlemon@americantv.com (Jonathan Lemon)
Date: Tue, 26 Nov 1996 10:23:39 +0100 (MEZ)
Cc: wpaul@skynet.ctr.columbia.edu, hackers@freebsd.org
In-Reply-To: <199611251840.SAA21376@right.PCS> from "Jonathan Lemon" at Nov 25, 96 12:40:50 pm

E-mail message from Jonathan Lemon contained:
> > semaphore -- Gaaahhh!!). Previously, I also experimented with
> > sending a file descriptor over the AF_UNIX socket from the client
> > to the server using sendmsg()/recvmsg(), but this doesn't provide
> > any useful (i.e. trustworthy) information either. I thought about
>
> Hm. I think this is probably the right track. What you want is some way
> for the process on the other end of the pipe to prove its identity to the
> server.
>
> How about having the client create a file of mode 000, and then pass that
> open file descriptor back to the server? Since it's mode 000, only the
> owner of the file could have opened it (or chowned it to 000). The file can
> either be created randomly by the client, or specified by the server.

Won't work on SysV. Anyone can chown(2) his own files to anyone else. The
funny thing about it is that they claim they support quotas :)

But if you restrict yourself to .*BSD, it might work.

/Marino

>
> The server can then use the fstat() call on the passed file descriptor to
> verify that the mode is 000, and that the file was indeed opened by the
> remote process. It also gets the uid from the fstat() call.
> --
> Jonathan
>
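
The scheme discussed in this thread, as an added example that is not code from either poster: the client passes an open descriptor with SCM_RIGHTS, and the server applies the fstat() test from the quoted message plus a `_PC_CHOWN_RESTRICTED` check that covers the SysV chown(2) objection. The function names, the `/tmp/fdproof.XXXXXX` path and the single-process `demo()` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;
/* Point m at a one-byte payload plus control space for exactly one descriptor. */
static void prep(struct msghdr *m, struct iovec *iov, char *byte, fd_cmsg *c) {
    memset(m, 0, sizeof *m); memset(c, 0, sizeof *c);
    iov->iov_base = byte; iov->iov_len = 1;
    m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = c->buf; m->msg_controllen = sizeof c->buf;
}

/* Client: pass an open descriptor over the AF_UNIX socket (SCM_RIGHTS). */
static int send_fd(int sock, int fd) {
    struct msghdr msg; struct iovec iov; char byte = 'F'; fd_cmsg c;
    prep(&msg, &iov, &byte, &c);
    struct cmsghdr *h = CMSG_FIRSTHDR(&msg);
    h->cmsg_level = SOL_SOCKET; h->cmsg_type = SCM_RIGHTS; h->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(h), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Server: receive the descriptor and fstat() it; returns the owner uid, or -1 if rejected. */
static long check_peer_fd(int sock) {
    struct msghdr msg; struct iovec iov; char byte; fd_cmsg c; struct stat st; int fd;
    prep(&msg, &iov, &byte, &c);
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *h = CMSG_FIRSTHDR(&msg);
    if (!h || h->cmsg_level != SOL_SOCKET || h->cmsg_type != SCM_RIGHTS
           || h->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(h), sizeof fd);
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
          && (st.st_mode & 07777) == 0                   /* file must be mode 000 */
          && fpathconf(fd, _PC_CHOWN_RESTRICTED) != -1;  /* -1: owners may give files away */
    close(fd); return ok ? (long)st.st_uid : -1;
}

/* Constructed demo: both roles in one process; returns what the server concludes. */
static long demo(mode_t mode) {
    char path[] = "/tmp/fdproof.XXXXXX"; int sv[2], fd = mkstemp(path);
    if (fd < 0 || fchmod(fd, mode) < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    long uid = send_fd(sv[0], fd) == 0 ? check_peer_fd(sv[1]) : -2;
    unlink(path); close(fd); close(sv[0]); close(sv[1]);
    return uid;
}
int main(void) { return demo(0) < 0; }
```

On current systems the kernel reports the peer's credentials directly through `getpeereid()` (BSD) or `SO_PEERCRED` (Linux), which avoids relying on file ownership.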