Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!seismo!mimsy!chris
From: chris@mimsy.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: /etc/rc, security ...
Message-ID: <6405@mimsy.UUCP>
Date: Wed, 22-Apr-87 06:23:00 EST
Article-I.D.: mimsy.6405
Posted: Wed Apr 22 06:23:00 1987
Date-Received: Fri, 24-Apr-87 00:04:52 EST
References: <623@rna.UUCP> <439@uhccux.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 14

That the various daemons in /etc are runnable by all in 4.xBSD is
*not* a security hole.  It *is* an annoyance.  But then, anyone
can use syslog to blither all over your console and/or log files.
It would be nice if this were a bit more traceable.  This argues
for some way to obtain the user ID of the other end of a connected
Unix domain socket---something we happen to need here for something
unrelated to logging.

(This should be easy to add.  Store the [real? effective?] uid of
the owner of a Unix domain socket in the PCB for that socket.  Use
SO_GETOPT to get the remote uid, by following unp_conn.)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7690)
UUCP:	seismo!mimsy!chris	ARPA/CSNet:	chris@mimsy.umd.edu