Hi,

<soapbox>
By the way, the StorageType TC is pretty broken (fatally flawed)
in its assumptions. That is, it really doesn't match the semantics
of real systems. I hope that the work that is being done by
NET-SNMP is not based on trying to duplicate the semantics
of the StorageType TC.
</soapbox>

On Tue, 6 Dec 2005, Wes Hardaker wrote:

> >>>>> On Mon, 5 Dec 2005 07:02:09 -0500, Robert Story <[EMAIL PROTECTED]> 
> >>>>> said:
> 
> Robert> Yes, though the persistent store can be written at other times
> Robert> too. The temporary switch to root would probably be needed in
> Robert> other scenarios too (I think some platforms use kernel APIs
> Robert> that require root access).
> 
> /me is done thinking (yeah, right...)
> 
> Issues:
> 
> 1) I don't think we should switch back to root to write files
> 2) I think the files should be owned by something other than root if
>    they need to be written to by an agent running as a different user.
> 3) I think the correct fix is actually to define which tokens are
>    allowed to exist in the persistent storage file.  Something like
>    netsnmp_app_register_persistent_token("foo") which would specify
>    that token was legal to load from a persistent storage file.
>    That's easy enough to implement except for that part of having to
>    know what file the persistent storage is actually in.  There are a
>    number of ways that could be done, of course, but my thinking is
>    that the easiest way is to put something like:
> 
>    if (user != root && file_owner == process_owner &&
>        ! netsnmp_ds_get_boolean(NEW_FLAG_FOR_ALLOW_ANYWAY) &&
>        token_is_not_registered_for_persistance(current_token)) {
>      log error
>      skip to next line
>    }
> 
>    That looks fairly hacky from the reading point of view, but it's
>    quite clean from a code-elsewhere point of view...  I actually
>    think the above test should really only apply if the user was being
>    downgraded (IE, if I start it as "me" and don't say to switch to
>    something else then don't issue the error)
> 
> -- 
> Wes Hardaker
> Sparta, Inc.

Regards,
/david t. perkins
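
The token allow-list quoted above, sketched as an added example that is not part of this thread or of Net-SNMP's code: lines in a persistent file owned by a non-root agent are processed only if their token was registered. The function names, the `load_ctx` struct and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAX_TOKENS 32
static const char *allowed[MAX_TOKENS];   /* tokens legal in the persistent file */
static size_t n_allowed;

/* Hypothetical stand-in for the proposed netsnmp_app_register_persistent_token(). */
int register_persistent_token(const char *token)
{
    if (n_allowed == MAX_TOKENS) return -1;
    allowed[n_allowed++] = token;
    return 0;
}

struct load_ctx {            /* assumed inputs, gathered by the caller */
    uid_t run_uid;           /* uid the agent is running as */
    uid_t file_owner;        /* st_uid of the persistent file */
    int   allow_anyway;      /* the "allow anyway" override flag */
};

/* Returns 1 if the line may be processed, 0 if it must be skipped. */
int persistent_line_allowed(const struct load_ctx *c, const char *line)
{
    line += strspn(line, " \t");
    size_t len = strcspn(line, " \t\r\n");        /* first word is the token */
    if (len == 0 || *line == '#') return 1;       /* blank or comment line */
    if (c->run_uid == 0 || c->file_owner != c->run_uid || c->allow_anyway)
        return 1;                                 /* gate does not apply */
    for (size_t i = 0; i < n_allowed; i++)        /* exact-length match only */
        if (strlen(allowed[i]) == len && memcmp(allowed[i], line, len) == 0)
            return 1;
    fprintf(stderr, "persistent store: unregistered token '%.*s', line skipped\n",
            (int)len, line);
    return 0;
}

int main(void)
{
    /* Constructed sample: an agent running as uid 1001 that owns its own file. */
    struct load_ctx ctx = { 1001, 1001, 0 };
    const char *lines[] = { "engineBoots 12\n", "someOtherDirective value\n" };
    register_persistent_token("engineBoots");
    for (size_t i = 0; i < 2; i++)
        printf("%d  %s", persistent_line_allowed(&ctx, lines[i]), lines[i]);
    return 0;
}
```

Matching on the exact token length keeps a registered name from admitting longer tokens that merely start with it.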



Net-snmp-coders mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders