[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Running part of the code with superuser privileges
From:       Michael Pyne <michael.pyne () kdemail ! net>
Date:       2006-05-28 16:58:12
Message-ID: 200605281307.23045.michael.pyne () kdemail ! net
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Sunday 28 May 2006 12:02, Iván Forcada Atienza wrote:
> Is it possible?? Any other workaround to achieve this?? Examples, docs??
>
> Thanks in advance!! :-)

It's possible, but the application would need to be run as root (or as setuid 
root).

Basically what you need to do is that after the fork call, you can drop 
privileges in the child process immediately to act as a normal user, while 
the parent process will keep the privileges of root.

This brings up a whole host of issues though, such as how to communicate 
between the two processes (you'll have to use pipe() before fork() for 
example), and how to do all this securely.

If it were me I'd just have a separate program that handles interfacing with 
the network stuff, and only with the network stuff.  Have it setuid root and 
call it as necessary.  And before I do any of this, I'd read the Secure Linux 
and UNIX Programming HOWTO by David Wheeler: 
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html

I don't expect you to read *all* of it of course, but it does contain very 
useful advice on ways to write programs that require high security in a 
UNIX-like environment.

Regards,
 - Michael Pyne

[Attachment #5 (application/pgp-signature)]

>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<


[prev in list] [next in list] [prev in thread] [next in thread]