Focus on Linux
How to check UID of process on the other side of local TCP/UDP connection Nov 24 2006 06:11PM
rainmailbox2001-ola yahoo ca (6 replies)
RE: How to check UID of process on the other side of local TCP/UDP connection Nov 27 2006 08:48PM
Bond Masuda (bond masuda jlbond com)
I'm not sure why you would want to create files to check UID. Since you have
control of the server and client code, why not just use 'getuid' or
'geteuid' unix system calls? If you don't know what they are, run "man
getuid" for more information. This would be the simplest and most direct way
of getting UID information.

If you're wanting an "authentication" protocol, I think it is quite easy to
use TLS/SSL and require server/client certificates for authentication. You
would, of course, require a basic CA setup. A lot of this code is already
available via the OpenSSL libraries so it shouldn't be hard to integrate
into whatever you're writing. Even if you write your own authentication
mechanism, you might want to check out the facilities available to you in
the OpenSSL libraries as any type of "secret" passing authentication should
not be done in cleartext. Your UID checking being an example of that. (sniff
the wire, pick up proper UID, spoof the server, serve up the UID)

Hope that helps...
-Bond Masuda
Security Consultant
-----------------------------------
JL Bond Consulting / www.JLBond.com

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com
> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of
> rainmailbox2001-ola (at) yahoo (dot) ca
> Sent: Friday, November 24, 2006 10:12 AM
> To: focus-linux (at) securityfocus (dot) com
> Subject: How to check UID of process on the other side of
> local TCP/UDP connection
>
> Hello.
>
> I have the following situation:
> - Client communicates with server via TCP or UDP.
> - Both client and server are on the same local host.
> - Server runs with root privilege.
>
> Now, client connects to server. Server has to check uid of
> the client. How can it be done?
> I need a solution that can be ported to all modern Unix and
> Linux systems.
>
> The most simple solution I came up with is as follows:
> 1. Client connects to server.
> 2. Server asks client to create file with random name, for
> example /tmp/check.6723
> 3. Client generates the file.
> 4. Server checks the owner of the file.
>
> The owner of the file is the UID under which client is running.
>
> But the problem is that it requires some additional communication
> between server and client. My programs can communicate
> hundreds of times a second so creating, checking and removing
> the file is a big performance issue.
>
> Do you have any ideas how this local authentication can be
> achieved in some different way?
>
> I was also thinking about using Unix sockets for communication,
> but it seems that they also lack any mechanism for
> authenticating the client.
> Anyways, I would prefer to stick with TCP/UDP, because this
> is what my programs use already, and I don't really want to
> change everything to Unix sockets (unless of course Unix
> sockets are the only good way to resolve my problems).
>
> Thanks,
> Ola
>

Copyright 2010, SecurityFocus