it's possible, but the executable would still need setuid. so what you do when it runs as root on startup due to the setuid bit: you need to drop root privileges by doing seteuid(other-uid) to another non-root userid if you're not yet at the part of the code which will require root ops. then when it's time to do root, you call seteuid(0) so you are able to recall your previous root power to do the root operation. after that, drop the root privilege again by calling seteuid(other-uid) again.
also, as an added protection, you need to intercept/block/drop all signals whose default action will make your setuid exe dump core or get interrupted during root operations. also, you'll need to be careful around opening/writing files when root. use lstat(), open(), and then fstat() so you'll know you're writing to the intended file and not a symlink when you compare inodes between lstat & fstat. also, I'm very sure I missed tons of other important things. you can probably read apache's suexec code or proftpd's code to find the other important security tricks. if it's cgi, maybe you can put a perl wrapper around the setuid binary. that way, you can conveniently do strict input validation before you pass it to the setuid exe, which in turn should not be visible from any webserver url or document tree.

you can do it!

pong

On Wed, 28 Nov 2001, CYWare wrote:

> On Windows, I've done this using ISAPI on IIS. Basically, my ISAPI runs
> under the IIS web user but I am able to programmatically log in as
> Administrator, switch privileges, do whatever I needed to do, then log off
> the Administrator. All this takes about a split second so security really
> isn't too much of an issue.
>
> Does UNIX support this functionality?

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
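
The lstat(), open(), fstat() inode comparison described in the message above, as an added example that is not part of the original post or of any project it mentions. The names safe_open_write and demo and the /tmp file names are hypothetical and constructed for illustration; the seteuid() bracketing is not shown.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an existing regular file for writing. Refuses symlinks and a path
 * swapped between lstat() and open(). safe_open_write is a hypothetical name. */
int safe_open_write(const char *path)
{
    struct stat before, after;

    if (lstat(path, &before) != 0)
        return -1;
    if (!S_ISREG(before.st_mode)) {     /* symlink, dir, device, fifo */
        errno = EINVAL;
        return -1;
    }
    int fd = open(path, O_WRONLY);      /* no O_CREAT / O_TRUNC before the check */
    if (fd < 0)
        return -1;
    if (fstat(fd, &after) != 0 || before.st_dev != after.st_dev ||
        before.st_ino != after.st_ino) {    /* not the inode lstat() saw */
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed demo: a real temp file and a symlink pointing at it.
 * Returns 0 when the file is accepted and the symlink is refused. */
int demo(void)
{
    char file[] = "/tmp/safeopen-XXXXXX";
    char lnk[sizeof file + 5];
    int tmp = mkstemp(file);
    if (tmp < 0) return -1;
    close(tmp);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);
    if (symlink(file, lnk) != 0) { unlink(file); return -1; }
    int ok_fd = safe_open_write(file);  /* expected: valid fd */
    int bad_fd = safe_open_write(lnk);  /* expected: -1 */
    if (ok_fd >= 0) close(ok_fd);
    if (bad_fd >= 0) close(bad_fd);
    unlink(lnk); unlink(file);
    return (ok_fd >= 0 && bad_fd < 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

Truncate or write only after the function returns a descriptor, and keep using that descriptor rather than reopening the path.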
