Mailing Lists: Apple Mailing Lists
 Image of Mac OS face in stamp
Re: Getting uid of connected user from daemon (possibly using kernel?)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Getting uid of connected user from daemon (possibly using kernel?)

Thanks Michael

On May 21, 2008, at 06:12 AM, Michael Smith wrote:

Knowing the UID of the process on the other end of a socket does not protect you against "hacker software trying to emulate the requests", as said "hacker software" will probably be running with the same UID as your legitimate clients.


You're absolutely right about this - I should have stated this clearer - the main protection here is not to allow let's say user A to impersonate user B. I.e let's say I store some per-user info for logged in users - it's more or less safe to give correct info to anyone who has correct uid, but it's absolutely not ok to give it to user with another uid. That's the idea.

And unfortunately CS is not an option as Tiger should be supported.

Best regards,
            Platon


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden







References: 


 >Getting uid of connected user from daemon (possibly using kernel?) (From: Platon Fomichev <email@hidden>)


 >Re: Getting uid of connected user from daemon (possibly using	kernel?) (From: Michael Smith <email@hidden>)























Visit the Apple Store online or at retail locations.

1-800-MY-APPLE


Contact Apple | Terms of Use | Privacy Policy


Copyright © 2011 Apple Inc. All rights reserved.