tech-userlevel: Re: utmp file format change

Subject: Re: utmp file format change
To: James Graham <greywolf@starwolf.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-userlevel
Date: 09/29/2001 00:12:41
># Hmmm, I did not consider that.  Of course, once you've handed the
># fd to another process like that, it could simply hand the fd out
># to anyone who asked for it, circumventing the permissioning in a
># very similar way.  The big problem would be if you had a file with
># group or other write permissions set, then the second process could
># link it to the fs and re-open it with elevated permissions, which
># would be a significant minus.  So, scratch that idea for now.
>
>Take into consideration that if you're handed an fd on, say, an internal
>socket, that's not a valid candidate for a link, and that's what most
>IPC runs on.  Even if you're handed an fd on a UNIX domain socket, then
>all you'll get is the link to the socket.  Big deal.  As I understand
>sockets, you can't create the socket until you've gone through the rigmarole
>needed beforehand, and then only the process that created it can use it.
>[I'm woefully undereducated on this subject only having tried it once.]

if you can get another link to a local domain socket, you can bypass
any restrictions that directories might have put on access to it in
the first place.  that's a good counterexample.  :)

>...or are you thinking:
>
>	setgid(egid);
>	fd=open(...);
>	switch(fork()) {
>	case -1:
>		error("fork");
>		break;
>	case 0:
>		setgid(gid);
>		kidstuff(fd);
>		break;
>	default:
>		wait4(...);
>	}
>
>...but that kind of coding doesn't make sense.  Where are you going to get
>a random fd to a *file* (link() doesn't like directories) via IPC?  I don't
>recall being able to inherit one across processes unless it's from a parent!

you can pass them over local domain sockets.  you can inherit them.
there are lots of ways.  .i could open a local domain connection to a
file descriptor server, get a descriptor on something (maybe it's even
another local domain socket), and make a link to it.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."