[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Running part of the code with superuser privileges
From: Michael Pyne <michael.pyne () kdemail ! net>
Date: 2006-05-28 16:58:12
Message-ID: 200605281307.23045.michael.pyne () kdemail ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Sunday 28 May 2006 12:02, Iván Forcada Atienza wrote:
> Is it possible?? Any other workaround to achieve this?? Examples, docs??
>
> Thanks in advance!! :-)
It's possible, but the application would need to be run as root (or as setuid
root).
Basically what you need to do is that after the fork call, you can drop
privileges in the child process immediately to act as a normal user, while
the parent process will keep the privileges of root.
This brings up a whole host of issues though, such as how to communicate
between the two processes (you'll have to use pipe() before fork() for
example), and how to do all this securely.
If it were me I'd just have a separate program that handles interfacing with
the network stuff, and only with the network stuff. Have it setuid root and
call it as necessary. And before I do any of this, I'd read the Secure Linux
and UNIX Programming HOWTO by David Wheeler:
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
I don't expect you to read *all* of it of course, but it does contain very
useful advice on ways to write programs that require high security in a
UNIX-like environment.
Regards,
- Michael Pyne
[Attachment #5 (application/pgp-signature)]
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic