[prev in list] [next in list] [prev in thread] [next in thread]
List: illumos-discuss
Subject: Re: [discuss] is_setuid and pfexec
From: "Garrett D'Amore" <garrett () damore ! org>
Date: 2016-03-11 22:54:21
Message-ID: CFC9D1DB-084C-434E-A338-DC1FCC006EA9 () damore ! org
[Download RAW message or body]
I suggest you have a look at exec_attr.
Sent from my iPhone
> On Mar 11, 2016, at 2:15 PM, Alexander Pyhalov <alp@rsu.ru> wrote:
>
> Thanks, Can I ask one more stupid question?
>
> I'm trying to make brasero work out of the box with CD devices, and it seems that \
> in any case for my profiles to be accounted for I have to use pfexec. Creating \
> privileges set and setppriv(PRIV_SET,PRIV_EFFECTIVE,pPrivSet) is not enough. Is it \
> correct or do I miss something?
> I mean something like
>
> static int setprivs(){
> priv_set_t *pPrivSet;
>
> if(geteuid()==0){
> g_warning("Running with euid 0, assuming you know what you are doing");
> return 0;
> }
>
> if ((pPrivSet = priv_allocset()) == NULL) {
> return 1;
> }
>
> priv_basicset(pPrivSet);
>
> if(priv_addset(pPrivSet,PRIV_SYS_DEVICES)) {
> return 2;
> };
>
> if(setppriv(PRIV_SET,PRIV_EFFECTIVE,pPrivSet)) {
> return 3;
> }
>
> /* CLI tools should also be able to use USCSICMD ioctls */
> if(setppriv(PRIV_SET,PRIV_INHERITABLE,pPrivSet)) {
> return 4;
> }
>
> priv_freeset(pPrivSet);
>
> return 0;
> }
>
> int main() {
> ...
> setprivs();
> ...
> }
> doesn't work without pfexec.
>
> ---
> System Administrator of Southern Federal University Computer Center
>
>
-------------------------------------------
illumos-discuss
Archives: https://www.listbox.com/member/archive/182180/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182180/25758063-6f7f4185
Modify Your Subscription: \
https://www.listbox.com/member/?member_id=25758063&id_secret=25758063-83fb4fd4 \
Powered by Listbox: http://www.listbox.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic