> > The door is owned by the user and has mode 0600.
> > That appears to be sufficient to prevent other
> > users from opening these doors.
>
> Given it is trivial to do so the door server should also check that the
> calling peer is running with the same creds that it is. See
> door_ucred(3C) and ucred_get(3C).

OK, I'm happy to add that.

Thanks,
Gordon
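
An added illustration of the check suggested in the quoted review comment (not code from this thread or from the project under review): a door server procedure that asks for the caller's credentials with door_ucred(3C) and serves the request only when the caller's effective UID matches its own. The names `peer_is_self` and `door_server_proc` are hypothetical, and comparing effective UIDs only is an assumption about what "same creds" should mean here.

```c
#include <sys/types.h>
#include <unistd.h>

/*
 * Policy decision, kept apart from the door plumbing so it can be
 * exercised on any POSIX system. Returns 1 only when the caller's
 * effective UID is known and equal to the server's.
 */
int peer_is_self(uid_t peer_euid, uid_t server_euid)
{
    /* ucred_geteuid() returns (uid_t)-1 when the value is unavailable. */
    if (peer_euid == (uid_t)-1)
        return 0;
    return peer_euid == server_euid;
}

#if defined(__sun)
#include <door.h>
#include <ucred.h>

/* Hypothetical server procedure, registered with door_create(3C). */
void door_server_proc(void *cookie, char *argp, size_t arg_size,
    door_desc_t *dp, uint_t n_desc)
{
    ucred_t *uc = NULL;   /* NULL asks door_ucred() to allocate one */
    int ok = 0;

    /* Fail closed: any error obtaining credentials leaves ok == 0. */
    if (door_ucred(&uc) == 0) {
        ok = peer_is_self(ucred_geteuid(uc), geteuid());
        ucred_free(uc);
    }

    if (ok) {
        /* Process the request in argp/arg_size here. */
    }

    /* Unverified callers get an empty reply and no processing. */
    (void) door_return(NULL, 0, NULL, 0);
}
#endif
```

The 0600 mode on the door file stays in place; the credential check is a second, independent control inside the server.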