On Thu, Jun 18, 2009 at 07:19:30PM +0100, Darren J Moffat wrote:
> Gordon Ross wrote:
> >>Jordan Brown writes:
> >>>    Once running, smbiod accepts door calls asking it to make new
> >>>    connections.  Such door calls provide the server IP address
> >>>    and authentication information needed for initiating or
> >>>    re-creating a connection to a server.  Once the connection to
> >>What authorization or credentials are required for smbiod to accept a
> >>door call?  Does it just test UID?
> >
> >The door is owned by the user and has mode 0600.
> >That appears to be sufficient to prevent other
> >users from opening these doors.
> 
> Given it is trivial to do so the door server should also check that the 
> calling peer is running with the same creds that it is.  See 
> door_ucred(3C) and ucred_get(3C).

The "same"?  Sounds a bit extreme.  Typically we'd check only the euid
for this sort of thing.

Nico
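
The two checks discussed in this thread, side by side, as an added example that is not code from smbiod or from any poster: a door server procedure that calls door_ucred(3C) and applies either an euid-only comparison or a full real/effective UID and GID match. The names `struct ids`, `peer_allowed` and `conn_door_proc` are hypothetical, and the door portion compiles only on Solaris/illumos.

```c
#include <sys/types.h>
#include <unistd.h>
#ifdef __sun
#include <door.h>
#include <ucred.h>
#endif

/* Identity fields compared by the check (struct name is hypothetical). */
struct ids { uid_t euid, ruid; gid_t egid, rgid; };

/* Return 1 if the caller may use the door, 0 otherwise.
 * strict == 0: compare effective UID only.
 * strict != 0: require real/effective UID and GID to all match. */
int peer_allowed(const struct ids *peer, const struct ids *self, int strict)
{
    /* ucred_get*() return -1 when a field is unavailable: fail closed. */
    if (peer->euid == (uid_t)-1 || peer->euid != self->euid)
        return 0;
    if (!strict)
        return 1;
    return peer->ruid != (uid_t)-1 && peer->ruid == self->ruid &&
           peer->egid != (gid_t)-1 && peer->egid == self->egid &&
           peer->rgid != (gid_t)-1 && peer->rgid == self->rgid;
}

#ifdef __sun
/* Door server procedure: authenticate the caller before doing any work. */
void conn_door_proc(void *cookie, char *argp, size_t arg_size,
                    door_desc_t *dp, uint_t n_desc)
{
    ucred_t *uc = NULL;               /* door_ucred() allocates when NULL */
    struct ids self = { geteuid(), getuid(), getegid(), getgid() };
    struct ids peer;
    int ok = 0;

    if (door_ucred(&uc) == 0) {       /* any failure leaves ok == 0 */
        peer.euid = ucred_geteuid(uc);
        peer.ruid = ucred_getruid(uc);
        peer.egid = ucred_getegid(uc);
        peer.rgid = ucred_getrgid(uc);
        ucred_free(uc);
        ok = peer_allowed(&peer, &self, 0);   /* 0 = euid-only policy */
    }
    if (!ok) {
        (void) door_return(NULL, 0, NULL, 0); /* empty reply: refused */
        return;
    }
    /* Caller is authorized; request handling (not shown here) follows. */
    (void) door_return(NULL, 0, NULL, 0);
}
#endif
```

A caller whose effective UID matches but whose real UID differs (for example a setuid program) passes the euid-only policy and fails the strict one, which is the practical difference between the two positions.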