I ask, because of jail. If it's just a FIFO, then one can secure fd
passing in a jail by controlling who can talk on a socket (since
persumably fd passing is used over a pre-existing fd, and there are no
pre-existing fd's to outside the jail....)
If it can be transmited over IP, its a much more serious issue, as all
one has to do is crack a jail (root inside the jail), crack the local
system (regular user) run a program that talks to the local system over
ip, and have the cracked regular user pass a fd in.
Any other points to read that I can learn about fd passing would be
appreciated as well, as I have never used this feature in my programs,
so am somewhat ignorant in regards to it.
thanks,
shaya potter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/