[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Running part of the code with superuser privileges
From:       Albert Astals Cid <aacid () kde ! org>
Date:       2006-05-28 17:56:17
Message-ID: 200605281956.18098.aacid () kde ! org
[Download RAW message or body]

A Diumenge 28 Maig 2006 19:49, Thiago Macieira va escriure:
> Michael Pyne wrote:
> >On Sunday 28 May 2006 12:02, Iván Forcada Atienza wrote:
> >> Is it possible?? Any other workaround to achieve this?? Examples,
> >> docs??
> >>
> >> Thanks in advance!! :-)
> >
> >It's possible, but the application would need to be run as root (or as
> > setuid root).
>
> Setuid root isn't allowed in KDE applications. The KApplication
> constructor will abort the application.

Well, kppp is setuid root AFAIK
IIRC what it does is:
 * fork a process that does the privileged work
 * drop privileges
 * create the KApplication

But you can have a more real description looking at its sources :D

Albert

>
> If you need to have root privileges, you need to either run as root, or
> have a separate process to do your privileged work, which you can launch
> with kdesu.
>
> >If it were me I'd just have a separate program that handles interfacing
> > with the network stuff, and only with the network stuff.  Have it
> > setuid root and call it as necessary.  And before I do any of this, I'd
> > read the Secure Linux and UNIX Programming HOWTO by David Wheeler:
> >http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
>
> Good advice.
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]