Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!cmcl2!nrl-cmf!ames!amdahl!rtech!llama!daveb From: daveb@llama.rtech.UUCP (Dave Brower) Newsgroups: comp.unix.wizards Subject: Who dat? Summary: How does a server know who is connecting? Message-ID: <2310@rtech.rtech.com> Date: 8 Jul 88 19:21:46 GMT References: <199@stca77.stc.oz> Sender: news@rtech.rtech.com Reply-To: daveb@rtech.com (Dave Brower) Organization: Relational Technology, Inc. Alameda, CA Lines: 21 On a single machine, we have a suid server process. A random client program wishes to connect and have the server perform some services. The server wants to know who the client is before doing anything. They might be communicating with sockets, fifos, msgs, or shared memory. How can the server find out who the client is, in a spoof-proof and secure way? On BSD, one can have the server ask the client to create a randomly-named file, and the server can see who the owner of the file is. On SV, this fails because the client can chown it to be anyone else. (The same is true of msgs and shm segments). Oh wise and knowledgeable Wizards, what is a Way? Thanks, -dB --- "Ready when you are Raoul!" {amdahl, cpsc6a, mtxinu, sun, hoptoad}!rtech!daveb daveb@rtech.com <- FINALLY!