Make any statement about the effect of the permissions on a socket file, and on some systems (e.g., older BSDs), the socket permissions are ignored. Likewise requires write permission on that socket. Permission on that socket sending a datagram to a datagram socket On Linux, connecting to a stream socket object requires write Process does not have write and search (execute) permission on the directory in which the socket is created. In the Linux implementation, pathname sockets honor the permissions In that case, this is the way: As of man unix(7): Pathname socket ownership and permissions

Nonetheless, in a properly working system, you should normally discriminate among different users if that's a requirement of your app. If the account gets hacked or if the machine gets compromised, there's not much to do at the app level. As with all security-related specs, it all depends on the value of the information that is saved behind those sockets, and the probability of the user being hacked without the password being known is quite low. You'll be asking for passwords at least from time to time. Your idea is a good one, if users don't mind having to use their passwords each time they use a socket; think about the overhead of this. But probably, if the user has been able to bypass the security by other means than getting the password, he has broken the security access to the system, and why not become root then?
In that case, he will be able to change the password to access your system and restore the old one after accessing, without even knowing it (he has only to copy the encrypted password in the /etc/shadow file, change the password, access your system, and restore the encrypted password from the copy he made). Only if the original user tries to access the system while the password is changed will he detect the intrusion; otherwise, at the end everything goes on as before the change.

Anyway, hacking a Unix system at this level gives you more power than that, and he will be able to attack your system from the rear side, accessing the internal data files or databases, better as root than as the original user. OK, that's what the passwd(1) program does indeed! (And it has done that since the epoch of Unix.) It asks for the password, so if the user has effectively hacked the account and does not know the password, he will not be able to change the password and will also not be able to access the service.