Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!cmcl2!nrl-cmf!ames!amdahl!rtech!llama!daveb
From: daveb@llama.rtech.UUCP (Dave Brower)
Newsgroups: comp.unix.wizards
Subject: Who dat?
Summary: How does a server know who is connecting?
Message-ID: <2310@rtech.rtech.com>
Date: 8 Jul 88 19:21:46 GMT
References: <199@stca77.stc.oz>
Sender: news@rtech.rtech.com
Reply-To: daveb@rtech.com (Dave Brower)
Organization: Relational Technology, Inc. Alameda, CA
Lines: 21

On a single machine, we have a suid server process.  A random client
program wishes to connect and have the server perform some services. The
server wants to know who the client is before doing anything. They might
be communicating with sockets, fifos, msgs, or shared memory.

How can the server find out who the client is, in a spoof-proof and
secure way?  On BSD, one can have the server ask the client to create a
randomly-named file, and the server can see who the owner of the file
is.  On SV, this fails because the client can chown it to be anyone
else. (The same is true of msgs and shm segments).

Oh wise and knowledgeable Wizards, what is a Way?

Thanks,

-dB


---
"Ready when you are Raoul!"
{amdahl, cpsc6a, mtxinu, sun, hoptoad}!rtech!daveb daveb@rtech.com <- FINALLY!
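
The file-ownership challenge described in the post, as an added C example that is not part of the original post. The function names and the challenge directory are assumptions; the server side refuses the result when `pathconf` reports that giveaway `chown` is permitted (the SV case) or when the file is not a singly linked regular file.

```c
#define _XOPEN_SOURCE 700   /* lstat, O_NOFOLLOW, pathconf */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Server: write "<dir>/chal-<32 hex digits>" into buf; the name is unguessable. */
int make_challenge(char *buf, size_t len, const char *dir)
{
    unsigned char r[16];
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, r, sizeof r);
    close(fd);
    if (n != (ssize_t)sizeof r) return -1;
    int off = snprintf(buf, len, "%s/chal-", dir);
    if (off < 0 || (size_t)off + 2 * sizeof r + 1 > len) return -1;
    for (size_t i = 0; i < sizeof r; i++)
        sprintf(buf + off + 2 * i, "%02x", r[i]);
    return 0;
}

/* Client: answer by creating the named file; O_EXCL fails if it already exists. */
int answer_challenge(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* Server: on success store the file's owner in *uid, remove the file, return 0. */
int challenge_owner(const char *dir, const char *path, uid_t *uid)
{
    struct stat st;
    /* Giveaway chown allowed here (the SV case): ownership proves nothing. */
    if (pathconf(dir, _PC_CHOWN_RESTRICTED) <= 0) return -1;
    if (lstat(path, &st) != 0) return -1;            /* not answered yet */
    /* Reject symlinks, special files, and hard links to someone else's file. */
    if (!S_ISREG(st.st_mode) || st.st_nlink != 1) return -1;
    *uid = st.st_uid;
    unlink(path);
    return 0;
}
```

The server would send the path from `make_challenge` over the existing socket, fifo or message channel and call `challenge_owner` once the client reports that it has answered.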