[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Running part of the code with superuser privileges
From:       Ingo Krabbe <ikrabbe.ask () web ! de>
Date:       2006-05-29 6:46:33
Message-ID: 200605290846.33690.ikrabbe.ask () web ! de
[Download RAW message or body]

Am Montag, 29. Mai 2006 01:17 schrieb Iván Forcada Atienza:
> [dom, 28 may 2006 13:07:18 -0400] - Michael Pyne:
> > On Sunday 28 May 2006 12:02, Iván Forcada Atienza wrote:
> > > Is it possible?? Any other workaround to achieve this?? Examples,
> > > docs??
> >
> > It's possible, but the application would need to be run as root (or as
> > setuid root).
> >
> > Basically what you need to do is that after the fork call, you can drop
> > privileges in the child process immediately to act as a normal user,
> > while the parent process will keep the privileges of root.
>
> I feared that this was the only possibility :-(. The goal was to avoid
> de use of kdesu at start, and only ask the user for the root's password
> when it's needed.

Hmm, I don't think that this is the full truth and basically I think of 
starting a program as root (through kdesu or whatever) is a secrurity hole 
too.  But the path through fork and exec is a good way.  I did that exactly 
for a (slip line setup, ifconfig, route) combination.  I prefer to do these 
jobs in a small subprogram which aren't KApplications but just a small 
helper, which again is installed as setuid root.  This small program can then 
be called through the bigger process which can be executed by any user.

It is true that you should read as many security documents as possible when 
you experiment with that, since you have to care on your own if someone is 
allowed to do these privileged jobs, that you open to the masses by 
installing the program.  The powerfull file permission authentication isn't 
available at this point.

Finally I don't believe that you need kdesu if you won't start you parent 
process as root, which is insecure anyway, but you need a small subprogram 
that you call through fork/exec that is setuid root, which again is no 
KApplication of course.

Are there any mechanisms how to check the authorization of such calls ?
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]