Re: prelink should not mess with running executables

Chris Adams writes:

> Once upon a time, Sam Varshavchik <mrsam@xxxxxxxxxxxxxxx> said:
> > A means for authenticating a filesystem domain socket's peer. Receive the
> > peer's credentials, then check /proc/pid/exe and /proc/self/exe. If they're
> > the same, the daemon is talking to another instance of itself.
>
> Is there anything that actually does that and depends on the result?
> Such a check would be inherently racy.

The only race condition that exists in this situation, that I can see, is an impostor making the filesystem domain connection, sending the credentials under the original pid, forking, and having the original process exec the process being impersonated.

Setting aside the likelihood of a successful exploit, the race is preventable simply by requiring the peer to resend its credentials, after validating the peer's pathname, and verifying that the pid did not change.

Don't panic.


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
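
The check and re-check described in the message above, as an added example (not code from the thread or from any project it discusses). It assumes Linux, that the receiving socket has SO_PASSCRED enabled before the peer sends, and that the peer sends one byte before and one byte after the path check; the function names are hypothetical, and comparing device and inode rather than the link text is a choice made here.

```python
import os
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid, uid, gid

def recv_peer_pid(sock):
    """Read one byte plus the SCM_CREDENTIALS attached to it; return the sender's pid."""
    data, ancdata, _flags, _addr = sock.recvmsg(1, socket.CMSG_SPACE(UCRED.size))
    if not data:
        raise ConnectionError("peer closed before sending credentials")
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            pid, _uid, _gid = UCRED.unpack(cdata[:UCRED.size])
            return pid
    raise PermissionError("no credentials attached to message")

def same_executable(pid):
    """Compare device and inode behind /proc/<pid>/exe and /proc/self/exe."""
    try:
        theirs = os.stat(f"/proc/{pid}/exe")
    except OSError:
        return False  # process gone, or we may not inspect it
    ours = os.stat("/proc/self/exe")
    return (theirs.st_dev, theirs.st_ino) == (ours.st_dev, ours.st_ino)

def authenticate_peer(sock):
    """True only if the peer runs our binary and its pid is unchanged after the check."""
    first = recv_peer_pid(sock)
    if not same_executable(first):
        return False
    # The peer resends its credentials after the path check; a different pid
    # means the process that was inspected is not the one still talking to us.
    second = recv_peer_pid(sock)
    return second == first

def demo():
    """Constructed demo: both socket ends live in this process, so the check passes."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        client.send(b"A")  # credentials before the path check
        client.send(b"B")  # credentials resent after it
        return authenticate_peer(server)

if __name__ == "__main__":
    print(demo())
```
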
