[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
code/module request: undo setuid
From: |
Sam Steingold |
Subject: |
code/module request: undo setuid |
Date: |
Mon, 10 Nov 2008 10:54:21 -0500 |
User-agent: |
Thunderbird 2.0.0.14 (X11/20080506) |
Hi,
Suppose one has an application which is installed setuid root.
Suppose also the application has a feature (e.g., spawn an interactive user
shell) which should NOT be run as root - but as an unprivileged user instead.
I suppose this is a fairly common operation (e.g., nethack is probably
installed setgid games and I think it can spawn a shell), and it is probably
done thus:
if (0 == fork()) { /* child */
magic incantations to restore gid;
exec("/bin/bash");
} else ...
So, what are those "magic incantations"?
do they go beyond
setreuid(getuid(), getuid());
??
Yes, I can probably hunt them down myself, but I would rather have an expert
opinion.
Also, if the magic goes beyond 1-2 lines, I think it would be a good idea to
add it to gnulib.
thanks.
Sam.
- code/module request: undo setuid,
Sam Steingold <=