
Re: getpeercred() on the Hurd



At Tue, 17 Jun 2008 22:49:16 +0200,
Arthur de Jong wrote:
> 
> Hello list (I'm not subscribed so please keep me in Cc).
> 
> I'm the maintainer of nss-ldapd. I saw that the package was recently
> built for GNU Hurd. I haven't tested the package on Hurd but there is
> one (not very critical) thing that shows up while compiling.
> 
> What is the best way on the Hurd to get information about
> clients that connect through a named socket?
> 
> I currently use this code:
> http://arthurenhella.demon.nl/viewcvs/nss-ldapd/nss-ldapd/compat/getpeercred.c?view=markup
> which works on a number of platforms but uses the fallthrough code at
> the end on the Hurd.
> http://buildd.debian-ports.org/fetch.php?pkg=nss-ldapd&arch=hurd-i386&ver=0.6.3&stamp=1213622648&file=log&as=raw

One question you should consider is: why do you need this information?
Identity based access control (IBAC) is quite insecure relative to
authorization based access control (ABAC).  The idea behind ABAC is
that if a subject has the "key" (in this case, if the subject has
access to a file descriptor designating the unix domain socket), then
it most likely got it through an authorization channel.  Perhaps it
was delegated as the program using it uses privilege separation.  So
the actor's identity does not matter and may inhibit such useful
structuring.  On all modern Unixes that I know of, opening a unix
domain socket respects the access bits on the file.  Thus, the file
descriptor should be sufficient proof that the caller has the right to
use the object.

Neal

