[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-security-audit
Subject:    Re: Wrapper question
From:       "Len Budney" <lbudney-lists-audit () nb ! net>
Date:       2001-05-18 16:48:24
[Download RAW message or body]

Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> wrote:
> On Tue, 15 May 2001, Len Budney wrote:
> 
>> If the program still works with the set[ug]id bit unset, then the bit
>> would already be unset.
> 
> You can take the bit from the program and give it to the wrapper.
> The wrapper does all sanity checks it is supposed to do and execs
> the original program.

Most elegant. Yes, that's exactly the answer to my original question--which
I now see was slightly dumb. Thanks.

Len.

PS I still think fexec() is so beautiful, there must be a need for it.
But I can't think of a case calling for it.

--
When cheese gets its picture taken, what does it say? 

[prev in list] [next in list] [prev in thread] [next in thread]