by Marc SCHAEFE » Wed, 06 Sep 2000 21:18:33
But it isn't safe, even on the local machine, since there are ways,
notably with ssh redirects, to issue local connections as root although
you are on a remote system.
by Nikita V. Youshchenk » Thu, 07 Sep 2000 02:55:44
> : One way is to ask the identd service running on the local machine.
> : This method : is portable to any OS that has an identd service.
> But it isn't safe, even on the local machine, since there are ways,
> notably with ssh redirects, to issue local connections as root although
> you are on a remote system.
by Mike McDona » Thu, 07 Sep 2000 08:17:31
>> : One way is to ask the identd service running on the local machine.
>> : This method : is portable to any OS that has an identd service.
>> But it isn't safe, even on the local machine, since there are ways,
>> notably with ssh redirects, to issue local connections as root although
>> you are on a remote system.
> Hmm... I am using LOCAL sockets (aha UNIX domain sockets) only. Is it
> possible in the server (that is running as root) to determine UID of the
> client just connected ?.. I badly need it ...
Mike McDonald
by Denic » Thu, 07 Sep 2000 19:00:28
>> : One way is to ask the identd service running on the local machine.
>> : This method : is portable to any OS that has an identd service.
>> But it isn't safe, even on the local machine, since there are ways,
>> notably with ssh redirects, to issue local connections as root although
>> you are on a remote system.
>Hmm... I am using LOCAL sockets (aha UNIX domain sockets) only. Is it
>possible in the server (that is running as root) to determine UID of the
>client just connected ?.. I badly need it ...
or better yet
lsof -U ( lsof is very useful... )
--
<*> This moment's fortune cookie:
A debugged program is one for which you have not yet found the conditions
that make it fail.
-- Jerry Ogdin
by Nikita V. Youshchenk » Thu, 07 Sep 2000 18:16:46
> >> : One way is to ask the identd service running on the local machine.
> >> : This method : is portable to any OS that has an identd service.
> >> But it isn't safe, even on the local machine, since there are ways,
> >> notably with ssh redirects, to issue local connections as root although
> >> you are on a remote system.
> > Hmm... I am using LOCAL sockets (aha UNIX domain sockets) only. Is it
> > possible in the server (that is running as root) to determine UID of the
> > client just connected ?.. I badly need it ...
> Why don't you just have the client tell you who it is?
by Nikita V. Youshchenk » Fri, 08 Sep 2000 05:46:22
> >> : One way is to ask the identd service running on the local machine.
> >> : This method : is portable to any OS that has an identd service.
> >> But it isn't safe, even on the local machine, since there are ways,
> >> notably with ssh redirects, to issue local connections as root although
> >> you are on a remote system.
> >Hmm... I am using LOCAL sockets (aha UNIX domain sockets) only. Is it
> >possible in the server (that is running as root) to determine UID of the
> >client just connected ?.. I badly need it ...
> How about some options from netstat, for example:
> netstat -peva
Nikita
by Clarence Gardne » Sat, 09 Sep 2000 02:37:26
>> >> : One way is to ask the identd service running on the local machine.
>> >> : This method : is portable to any OS that has an identd service.
>> >> But it isn't safe, even on the local machine, since there are ways,
>> >> notably with ssh redirects, to issue local connections as root although
>> >> you are on a remote system.
>> > Hmm... I am using LOCAL sockets (aha UNIX domain sockets) only. Is it
>> > possible in the server (that is running as root) to determine UID of the
>> > client just connected ?.. I badly need it ...
>> Why don't you just have the client tell you who it is?
>Because it is insecure. Any other ideas ?
Have the client create a temporary file (so it will be the owner) with a
mode of 0600. The fact that it has the file open means that it is the owner
of the file (or super-user; can't get around that). (I'm ignoring any silliness
like the permissions changing after the open()). Then, send the descriptor
to the server over your Unix domain socket. The server can receive the
descriptor and do an fstat() on it to find the owner of the file (and be sure
that the permissions are 0600), and take that to be the uid of the client
process.
1. Did setup Linux, but having problems setting up Local Email between local users
I have a system on
which Linux has just been installed, but not
connected to anything for now, all I want is for
the various local users, to be able to send mail to
each other, I tested it and the mail never actually
gets delivered to the other local account ? The
book I have said something about using Smail for
the configuration, but I could not find it.
Thanks a lot for any help in advance.
TJ.
3. Can't connect to local MySQL server through socket '/tmp/mysql.sock'
5. RedHat 7.1 local INET sockets not connecting
6. CERN 3.0 'Icons.xbm' babbling bug
7. Can't connect to local MySQL server through socket '/tmp/mysql.sock'
8. Creating a mirror drive ... how do I do that?
9. Finding a socket's local port number
10. Socket to SMTP server - periodic time outs
11. newbie help with starting an apache server...users outside local network cant find server.
12. How do I find a local user group?
13. How to find out application that send outs packets on certain port