Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uwmcsd1!nic.MR.NET!umn-cs!randy
From: randy@umn-cs.cs.umn.edu (Randy Orrison)
Newsgroups: comp.unix.wizards
Subject: RPC == setuid procedure call?
Message-ID: <6890@umn-cs.cs.umn.edu>
Date: 23 Aug 88 15:28:46 GMT
Reply-To: randy@umn-cs.UUCP (Randy Orrison)
Organization: Control Data, Arden Hills, Minnesota
Lines: 24

I'm starting to learn about RPC for a project we're working on here, and I've
come up with a question:

	Is local RPC (i.e. Remote Procedure Call to a server on the local
	host) usable as a setuid procedure call?

It seems to me that if the RPC server is running as uid root, and you make an
RPC to it, it should be able to do things for you, as root.  Is there a
problem with this?  (Other than the obvious one of validating the caller
for what he wants done!)

Is this difficulty severe enough that only root should be allowed to make
RPCs to a RPC server running as root?

All help appreciated!

--------
off the subject:  I asked earlier what Sun OS people were running, and got a
request for a summary after I had thrown away quite a few letters.  The
majority of sites were running 3.x, only a couple were running 4.0.  Most
were waiting for 4.0 to settle down before trying the switch.
-- 
Randy Orrison		Control Data in the Hills of Arden, MN
{bungia, uunet!hi-csc, rutgers, sun}!umn-cs!randy	randy@ux.acss.umn.edu