Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!husc6!psuvax1!schwartz@shire.cs.psu.edu
From: schwartz@shire.cs.psu.edu (Scott Schwartz)
Newsgroups: comp.windows.x
Subject: Re: X11R3 security hole needs attention
Message-ID: <4388@psuvax1.cs.psu.edu>
Date: 20 Mar 89 04:42:23 GMT
References: <8903180123.AA00833@buit5.bu.edu> <8903181644.AA24536@regin.think.com> <2144@titan.sw.mcc.com>
Sender: news@psuvax1.cs.psu.edu
Reply-To: schwartz@shire.cs.psu.edu (Scott Schwartz)
Organization: Pennsylvania State University, Computer Science
Lines: 14
In-reply-to: janssen@titan.sw.mcc.com (Bill Janssen)

In article <2144@titan.sw.mcc.com>, janssen@titan (Bill Janssen) writes:
>It seems that "jsol" has trouble with users who have accounts on his machine.
>There is really no Unix-y answer to this.  What I think he's looking for
>is a system like xhost that will allow one to specify a list of uids that
>can connect to the server.  But I suppose you can't get the uid of the client
>process from a network stream...

And over the network, a uid wouldn't have the same semantics as a
local one, in general.  However, in the (berkeley) unix domain, you
can do the following: have the user creat a file, mode 000.  Then use
sendmsg to pass the file descriptor to the server.  The server can
then do an fstat to see that the file is owned by the right person.
--
Scott Schwartz
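The descriptor-passing check described in the post above, as an added C example that is not part of the original post or of the X server's code. The function names and the /tmp path are hypothetical, both roles run in one process over a socketpair, and the file is made with mkstemp plus fchmod(fd, 0) rather than creat with mode 000; the regular-file and mode-000 checks on the server side are additions of this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Set up a one-byte message with room for one descriptor of ancillary data. */
static void prep(struct msghdr *m, struct iovec *iov, char *byte, char *ctl, size_t n) {
    memset(m, 0, sizeof *m); memset(ctl, 0, n); iov->iov_base = byte; iov->iov_len = 1;
    m->msg_iov = iov; m->msg_iovlen = 1; m->msg_control = ctl; m->msg_controllen = n;
}

/* Client: pass descriptor fd over the Unix-domain socket (SCM_RIGHTS). */
static int send_fd(int sock, int fd) {
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))];
    char byte = 0; struct iovec iov; struct msghdr m;
    prep(&m, &iov, &byte, ctl, sizeof ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}

/* Server: receive the descriptor, fstat it, and report the file's owner. */
static int recv_owner(int sock, uid_t *owner) {
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))]; char byte;
    struct iovec iov; struct msghdr m; struct stat st; int fd, ok;
    prep(&m, &iov, &byte, ctl, sizeof ctl);
    if (recvmsg(sock, &m, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 07777) == 0;
    close(fd);
    if (ok) *owner = st.st_uid;
    return ok ? 0 : -1;
}

/* Constructed demo: both roles in one process, joined by a socketpair. */
int demo_owner_check(uid_t *owner) {
    char path[] = "/tmp/fdauth-XXXXXX"; int sv[2], rc, fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                       /* the open descriptor keeps the inode alive */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { close(fd); return -1; }
    rc = (fchmod(fd, 0) == 0 && send_fd(sv[0], fd) == 0) ? recv_owner(sv[1], owner) : -1;
    close(fd); close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) { uid_t u; return demo_owner_check(&u) == 0 && u == geteuid() ? 0 : 1; }
```

The owner reported by fstat is the effective uid of the process that created the file, which is why the demo compares against geteuid().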