Path: utzoo!attcan!uunet!husc6!spdcc!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards
Subject: Re: Who dat?
Message-ID: <51@minya.UUCP>
Date: 21 Jul 88 02:28:24 GMT
References: <199@stca77.stc.oz> <2310@rtech.rtech.com> <3789@rpp386.UUCP>
Organization: (none)
Lines: 43

In article <3789@rpp386.UUCP>, jfh@rpp386.UUCP (John F. Haugh II) writes:
> In article <2310@rtech.rtech.com> daveb@rtech.com (Dave Brower) writes:
> >How can the server find out who the client is, in a spoof-proof and
> >secure way?  On BSD, one can have the server ask the client to create a
> >randomly-named file, and the server can see who the owner of the file
> >is.  On SV, this fails because the client can chown it to be anyone
> >else. (The same is true of msgs and shm segments).
> >
> >Oh wise and knowledgeable Wizards, what is a Way?

> have the client create a file with the suid and sgid bits set.  you
> can't chown a file after setting those bits without having some of
> them cleared.  the documentation for chown(2) specifies that the SUID
> and SGID bits are cleared if either owner or group are changed.

Let's see, what I do when you ask my process A to create this file is
to have a program B sitting around that is setuid/setgid to whomever
I want you to think A is; A would start up B as a subprocess, with the
desired filename in argv[1]; B would create it.  How would you determine
that A isn't this uid/gid combination?

> this should be fully fool proof.

Careful who you call a fool, boy!







[Goddam @#*$&^ included-line-count nonsense ;-]






-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)

[Any errors in the above are due to failures in the logic of the keyboard,
not in the fingers that did the typing.]