[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The auth interface on L4-Hurd

From: Marcus Brinkmann
Subject: Re: The auth interface on L4-Hurd
Date: Thu, 1 Aug 2002 23:07:00 +0200
User-agent: Mutt/1.4i

On Thu, Aug 01, 2002 at 10:59:20PM +0200, Marcus Brinkmann wrote:
> > But, do we maybe have a race condition here?  When the server has made
> > the RPC to the user to move his handle to auth, but before he does the
> > auth_server_authenticate, someone else might make the
> > auth_server_authenticate for him, guessing the correct handle number.  How
> > can this be prevented?
> You must never simply trust a number you get from somewhere.  This is
> obvious.  The server must tell the user (which is the server of the
> rendevouz port) that it is moving the right to the auth server.  Then later
> on, the auth server must verify that it really got the right handle from the
> server.  Something like that, we have not worked out the details.  Maybe you
> want to look into this issue more closely?

Now, my reply on this point was completely bogus, and I have to think about
what you said ;)


`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]