Bugtraq: Re: Why you should avoid world-writable directories

[alan () LXORGUK UKUU ORG UK (Alan Cox)]

> Yes, they are a control message.  This works well for SOCK_DGRAM, but
> not as well for SOCK_STREAM, since w/ SOCK_STREAM you can connect and
> then never send any data, thus the task wanting the credentials never
> gets them.
>
> I've considered making SOCK_STREAM credentials available once the connect
> has completed, in the NetBSD implementation.
That would encourage programmers to make dangerous assumptions.

Consider

        s=socket(blah)
        connect..

        fork

        one side execs a setuid binary

The credential stream code also has to avoid merging two messages into one
recvmsg() when the credential doesnt match. Another problem with some of
these setups is the pass a pid as part of the "authentication". A pid being
temporary and reassigned (even if randomly) isnt a usable auth token

Alan