set effective user to root 1574

On Mon, 05 Jun 2006 22:03:03 +0000, Andre Kostur

It is the second, with some additions. The requirements:

1: a. Normal users may neither read nor write the data file (0600). b. Normal users may neither read nor write the directory that contains the data file (0700).

2. a. Both root and normal users can run TheExe (0555) which both reads and writes the data file. b. TheExe must access user resources after accessing the data file, including when user is root.

set effective user to root 1575
On Mon, 05 Jun 2006 20:41:44 -0400, Mike - EMAIL IGNORED Excellent! Concrete requirements. See Unruh's detailed howto on the...

3. a. TheExe contains a function TheDataAccessor that actually accesses the data file. b. There is a daemon that also utilizes TheDataAccessor.

I quote man setuid:

If the user is root or the program is setuid root, special care must be taken. The setuid function checks the effective uid of the caller and if it is the superuser, all process related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges.

It appears, therefore, that setuid cannot satisfy all of the requirements listed above. It can probably be done with popen(), but I would like to avoid this if possible.

At this point, chmod u+s TheExt seems best.

I look forward to enlightenment.

Thanks, Mike.

List | Previous | Next

set effective user to root 1575

Linux groups from Newsgroups

The #1 Usenet Provider on the Internet

set effective user to root 1573

PLEX86 x86- Virtual Machine (VM) Program


	Plex86 \| CVS \| Mailing List \| Download \| Linux \| Newsgroups

		set effective user to root 1574 On Mon, 05 Jun 2006 22:03:03 +0000, Andre Kostur It is the second, with some additions. The requirements: 1: a. Normal users may neither read nor write the data file (0600). b. Normal users may neither read nor write the directory that contains the data file (0700). 2. a. Both root and normal users can run TheExe (0555) which both reads and writes the data file. b. TheExe must access user resources after accessing the data file, including when user is root. set effective user to root 1575 On Mon, 05 Jun 2006 20:41:44 -0400, Mike - EMAIL IGNORED Excellent! Concrete requirements. See Unruh's detailed howto on the... 3. a. TheExe contains a function TheDataAccessor that actually accesses the data file. b. There is a daemon that also utilizes TheDataAccessor. I quote man setuid: If the user is root or the program is setuid root, special care must be taken. The setuid function checks the effective uid of the caller and if it is the superuser, all process related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges. It appears, therefore, that setuid cannot satisfy all of the requirements listed above. It can probably be done with popen(), but I would like to avoid this if possible. At this point, chmod u+s TheExt seems best. I look forward to enlightenment. Thanks, Mike. List \| Previous \| Next



		set effective user to root 1575 Linux groups from Newsgroups The #1 Usenet Provider on the Internet set effective user to root 1573