Path: utzoo!attcan!uunet!peregrine!elroy!ames!amelia!gigantor!hahn
From: hahn@gigantor..nas.nasa.gov (Jonathan Hahn)
Newsgroups: comp.unix.wizards
Subject: chown()ing message queues and shared mem (was: Who dat?)
Message-ID: <799@amelia.nas.nasa.gov>
Date: 1 Aug 88 23:22:36 GMT
References: <199@stca77.stc.oz> <2310@rtech.rtech.com>
Sender: news@amelia.nas.nasa.gov
Reply-To: hahn@amelia.nas.nasa.gov (Jonathan Hahn)
Organization: NASA Ames Research Center
Lines: 26
Summary:

In article <2310@rtech.rtech.com> daveb@rtech.com (Dave Brower) writes:
>How can the server find out who the client is, in a spoof-proof and
>secure way?  On BSD, one can have the server ask the client to create a
>randomly-named file, and the server can see who the owner of the file
>is.  On SV, this fails because the client can chown it to be anyone
>else. (The same is true of msgs and shm segments).
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Wait a minute!  I'm not aware that a user can change the creator
uid/gid attributes of a SYSV message queue, semaphore, or shared memory
seg.

You can't use chown() becuase it wants a path into the file system, and
none of those IPC mechanisms has a presence in the file system.  You
can't use {sem,msg,shm}ctl() because, according to the manual pages,
the various SET operations do not affect the cuid or cgid fields for
the creator.

I'm particularly interested in this becuase I plan to have a server use
this mechanism to identify clients via the creator uid of their message
queue.  If there is a way for a client to spoof the cuid/cgid field,
please let me know.

-jonathan hahn
hahn@amelia.nas.nasa.gov
...!ames!amelia!hahn
(415) 694-4360