rainmailbox2001-ola (at) yahoo (dot) ca wrote:
> I have the following situation:
> - Client communicates with server via TCP or UDP.
> - Both client and server are on the same local host.
> - Server runs with root privilege.
>
Are you using the sockets for something other than this authentication?
You could use shared memory (not always portable) or unix sockets as
some have suggested, or simply use named pipes for that matter.
Are you using the UIDs of the files for anything interesting, or just to
make sure nobody else created the file on you? If you're just doing
this to make sure the client is who it claims to be, use a different
authentication system like a cryptographically strong hash function.
Decide what you care about: Do you care what the UID is for security
purposes, or just to make sure the same user created the file and is
talking to you? Do you need the file for processing, or is it just an
out-of-band security system? Do you need the socket for communication
of anything else, or is it just the security system?
If you're processing real files with data in them, create the file
securely (put users and server in the same group, make directory only
writable and usable by the group, etc.) with whatever metadata you need
inside it and then open a unix socket connection to your server app
telling it the name of the file and the SHA-1 (or other) hash of the
file you created (preferably with a negotiated salt involved). The
server can then process the file and make sure the signature matches,
and move on.
If it's an insecure server, consider using real digital signatures,
perhaps kerberos authentication for clients and servers. There are lots
of good options out there.
--
Michael T. Babcock
Triple PC Ltd.
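The exchange the post sketches (a Unix domain socket on the same host, a server-chosen salt, the client naming a file it created in a group-shared directory together with a keyed hash of it, the server recomputing the hash before processing), as an added example that is not part of the original post. It also shows the point behind the suggestion to use Unix sockets over TCP or UDP: the server can ask the kernel for the client's UID (SO_PEERCRED on Linux) instead of trusting anything the client says, and can check that the named file is actually owned by that UID. Assumptions: a `socket.socketpair()` stands in for a bound socket so the demo runs in one process; HMAC-SHA256 is used in place of the post's "SHA-1 (or other) hash ... with a negotiated salt"; the function names, the spool-directory layout and the sample payloads are constructed for this example.

```python
"""Added example (not from the original post): same-host file hand-off over a
Unix domain socket with peer-credential and keyed-hash checks on the server."""
import hashlib
import hmac
import json
import os
import socket
import stat
import struct
import tempfile

SALT_LEN = 16   # server-chosen per-session salt, used as the HMAC key
MAX_MSG = 4096  # the client request is one short JSON line


def peer_uid(sock):
    """UID of the process on the other end, as reported by the kernel
    (Linux SO_PEERCRED: struct ucred = pid, uid, gid).  Returns None on hosts
    without that option (assumption: non-Linux), so the ownership check is
    skipped there rather than faked."""
    if not hasattr(socket, "SO_PEERCRED"):
        return None
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid


def stream_mac(fh, salt):
    """HMAC-SHA256 over the file contents keyed with the session salt, so a
    digest captured from an earlier session cannot be replayed."""
    mac = hmac.new(salt, digestmod=hashlib.sha256)
    for chunk in iter(lambda: fh.read(65536), b""):
        mac.update(chunk)
    return mac.hexdigest()


def server_begin(sock):
    """Server, phase 1: pick the salt and hand it to the client."""
    salt = os.urandom(SALT_LEN)
    sock.sendall(salt)
    return salt


def client_submit(sock, path):
    """Client: hash the file it created under the server's salt, then send the
    file name and the keyed hash as one JSON line."""
    salt = sock.recv(SALT_LEN)
    with open(path, "rb") as fh:
        digest = stream_mac(fh, salt)
    sock.sendall(json.dumps({"path": os.path.abspath(path), "mac": digest}).encode() + b"\n")


def server_finish(sock, salt, spool_dir):
    """Server, phase 2: accept the file only if it sits in the shared spool
    directory, is a regular file owned by the connecting UID, and hashes to
    what the client claimed.  Open first and fstat the descriptor, so the
    ownership check and the hash apply to the same inode (no stat/open race)."""
    msg = json.loads(sock.recv(MAX_MSG).decode())
    path = os.path.realpath(str(msg.get("path", "")))
    if os.path.dirname(path) != os.path.realpath(spool_dir):
        return "reject: path outside spool directory"
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        return "reject: cannot open (%s)" % exc.strerror
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            return "reject: not a regular file"
        uid = peer_uid(sock)
        if uid is not None and st.st_uid != uid:
            return "reject: file not owned by the connecting user"
        actual = stream_mac(fh, salt)
    if not hmac.compare_digest(actual, str(msg.get("mac", ""))):
        return "reject: hash mismatch"
    return "ok"


def exchange(spool_dir, path, tamper=False):
    """One session over a socketpair (stand-in for a bound Unix socket).  With
    tamper=True the file is changed after the client hashed it, which is what
    the server's own recomputation is there to catch."""
    srv, cli = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with srv, cli:
        salt = server_begin(srv)
        client_submit(cli, path)
        if tamper:
            with open(path, "ab") as fh:
                fh.write(b"appended after the client hashed it\n")
        return server_finish(srv, salt, spool_dir)


def run_demo():
    """Constructed scenario: an honest submission, a file altered in flight,
    and a file that lives outside the spool directory."""
    results = {}
    with tempfile.TemporaryDirectory() as spool, tempfile.TemporaryDirectory() as elsewhere:
        os.chmod(spool, 0o770)  # group-shared directory, as the post suggests
        job = os.path.join(spool, "job1.dat")
        with open(job, "wb") as fh:
            fh.write(b"constructed sample payload\n")
        stray = os.path.join(elsewhere, "stray.dat")
        with open(stray, "wb") as fh:
            fh.write(b"not in the spool\n")
        results["honest"] = exchange(spool, job)
        results["tampered"] = exchange(spool, job, tamper=True)
        results["outside"] = exchange(spool, stray)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print("%-9s %s" % (case, verdict))
```

In a real deployment the server would `bind()` an `AF_UNIX` socket to a path inside a directory that only the shared group can enter, and the client would `connect()` to it; the two-phase split of the server (`server_begin`, `server_finish`) exists only so the single-process demo can run both ends without threads. The salt is what keeps a hash from being replayed across sessions, the peer UID is what ties the named file to the process that is actually talking, and recomputing the hash from the opened descriptor is what catches a file changed between the client's hash and the server's read.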