Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!killer!pollux!dalsqnt!rpp386!jfh
From: jfh@rpp386.UUCP (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: Who dat?
Message-ID: <3789@rpp386.UUCP>
Date: 9 Jul 88 23:03:47 GMT
References: <199@stca77.stc.oz> <2310@rtech.rtech.com>
Reply-To: jfh@rpp386.UUCP (The Beach Bum)
Organization: Big "D" Home for Wayward Hackers
Lines: 22

In article <2310@rtech.rtech.com> daveb@rtech.com (Dave Brower) writes:
>How can the server find out who the client is, in a spoof-proof and
>secure way?  On BSD, one can have the server ask the client to create a
>randomly-named file, and the server can see who the owner of the file
>is.  On SV, this fails because the client can chown it to be anyone
>else.  (The same is true of msgs and shm segments).
>
>Oh wise and knowledgeable Wizards, what is a Way?

have the client create a file with the suid and sgid bits set.  you
can't chown a file after setting those bits without having some of
them cleared.

the documentation for chown(2) specifies that the SUID and SGID bits
are cleared if either owner or group are changed.  this should be
fully fool proof.

- john.
-- 
John F. Haugh II                 +--------- Cute Chocolate Quote ---------
HASA, "S" Division               | "USENET should not be confused with
UUCP:   killer!rpp386!jfh        |  something that matters, like CHOCOLATE"
DOMAIN: jfh@rpp386.uucp          |         -- with my apologies
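
The check described in the reply above, written out as an added example (not code from the post or its author). The function names, the sample path and the extra regular-file and link-count checks are assumptions of this sketch; it relies on the chown(2) behavior the post cites.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat, mkstemp, fchown, fchmod */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define ID_BITS (S_ISUID | S_ISGID)

/* Server side: return 0 and store the owner in *uid if `path` is a regular,
 * singly linked file that still carries both ID bits; return -1 otherwise. */
int client_uid_from_file(const char *path, uid_t *uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)              /* lstat: never follow a symlink */
        return -1;
    if (!S_ISREG(st.st_mode))               /* only a plain file counts */
        return -1;
    if (st.st_nlink != 1)                   /* assumption: must be a fresh file */
        return -1;
    if ((st.st_mode & ID_BITS) != ID_BITS)  /* cleared bits: owner was changed */
        return -1;
    *uid = st.st_uid;
    return 0;
}

/* Client side: create the file named by the mkstemp template, set `mode`. */
int make_client_file(char *tmpl, mode_t mode)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    /* Put the file in our own group so an unprivileged chmod keeps S_ISGID. */
    int rc = fchown(fd, (uid_t)-1, getegid());
    if (rc == 0)
        rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

int main(void)
{
    char path[] = "/tmp/whodatXXXXXX";      /* constructed sample name */
    uid_t uid = (uid_t)-1;
    if (make_client_file(path, ID_BITS | 0600) != 0) return 1;
    int rc = client_uid_from_file(path, &uid);
    printf("%s: %s\n", path, rc == 0 ? "accepted" : "rejected");
    unlink(path);
    return rc == 0 ? 0 : 1;
}
```

In a real exchange the server would pick the random file name itself, and the client would create the file only after being asked.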