
Re: RFC: [PATCH] SCM_CREDS support



At Thu, 24 Oct 2013 15:38:11 +0200,
Svante Signell wrote:
> > Well, the question is quite simple: what happens when the sender
> > provides faked ports, e.g. pointing to other proc/auth servers?  That's
> > where having to explain how the patch is working would possibly even
> > work out the security issues.
> 
> How could it point to other proc/auth servers? The receiver is using the
> ports of the same proc server. Are you considering more than one
> instance running? This is communication on a local socket, and the
> socket read/write mode is controlling the access to it. In the
> implementation only the same user and root could send. For other users
> the socket permission has to be changed from srw-r--r-- to srw-r--rw-.
> Tested by sending as another user.

There is not a check of who opened the socket, but the sender.  These
may be different.

Neal

