QNX6.3 Global name servise

Why only application with root priveleges can attach global name by
name_attach()?

In QNX4 every not-root process can qnx_name_attach() “/global_name” in the
QNet.

“Leonid Khait” <lhait@diaspro.com> wrote in message
news:ccon3n$l6p$1@inn.qnx.com

Why only application with root priveleges can attach global name by
name_attach()?

Yes

In QNX4 every not-root process can qnx_name_attach() “/global_name” in the
QNet.

So?

Mario Charest <nowheretobefound@8thdimension.com> ÐÉÛÅÔ ×
ÓÏÏÂÝÅÎÉÉ:ccp2r9$so9$1@inn.qnx.com

“Leonid Khait” <> lhait@diaspro.com> > wrote in message
news:ccon3n$l6p$> 1@inn.qnx.com> …
Why only application with root priveleges can attach global name by
name_attach()?

Yes


In QNX4 every not-root process can qnx_name_attach() “/global_name” in
the
QNet.

So?

The aim of this change is interesting.

Leonid Khait <lhait@diaspro.com> wrote in message
news:ccqc2c$qgk$1@inn.qnx.com

Why only application with root priveleges can attach global name by
name_attach()?

The aim of this change is interesting.

The concern is, if anybody can attach to a global name, then anyone on the
network
could “hijack” a real services.

-xtang

Xiaodan Tang <xtang@qnx.com> ÐÉÛÅÔ × ÓÏÏÂÝÅÎÉÉ:ccu2qn$lmq$1@inn.qnx.com

Leonid Khait <> lhait@diaspro.com> > wrote in message
news:ccqc2c$qgk$> 1@inn.qnx.com> …
Why only application with root priveleges can attach global name by
name_attach()?

The aim of this change is interesting.

The concern is, if anybody can attach to a global name, then anyone on the
network
could “hijack” a real services.

-xtang


Well, but “anybody” can make “hack” programm on his own PC as superuser,

give this program root priveleges chown root program,and chmod a+s status,
start on the target plase this program as not-root and before name_attach()
change uid to root priveleges by setuid(0).
This program can attach name as global on the QNET.

“Leonid Khait” <lhait@diaspro.com> wrote in message
news:ccv9ua$k9e$1@inn.qnx.com

Xiaodan Tang <> xtang@qnx.com> > ÐÉÛÅÔ × ÓÏÏÂÝÅÎÉÉ:ccu2qn$lmq$> 1@inn.qnx.com> …

Leonid Khait <> lhait@diaspro.com> > wrote in message
news:ccqc2c$qgk$> 1@inn.qnx.com> …
Why only application with root priveleges can attach global name by
name_attach()?

The aim of this change is interesting.

The concern is, if anybody can attach to a global name, then anyone on
the
network
could “hijack” a real services.

-xtang


Well, but “anybody” can make “hack” programm on his own PC as superuser,
give this program root priveleges chown root program,and chmod a+s status,

That’s the whole point, you need to be root and root is a trusted user. All
other user are not (unless root allows it)

start on the target plase this program as not-root and before
name_attach()
change uid to root priveleges by setuid(0).
This program can attach name as global on the QNET.