----- Original Message -----
From: Calin A. Culianu <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 13, 2001 5:06 PM
Subject: Re: [rtl] make devices ?
>
> You can write a small C program to essentially act as a wrapper to the
> mknod(2) system call. Then set this program to be setuid-root and have it
> behave correctly as such. Also this allows you to control exactly WHAT
> devices a user can create.
>
> The other alternative that was suggested was to just set the mknod binary
> to be setuid root. This can have security and safety ramifications, and
> it may not even work at all (IIRC programs usually need to be
> setuid-aware). Can you imagine what would happen if a goofy developer who
> mistyped a major number instead pointed a device node to something like
> the ide driver rather than an RTF? Then he tries to write to the fifo and
> POOF, there goes your hard drive! :)

The OP asked how to allow non-root users to access one (or more)
root-only commands. Every answer to this question (other than "don't
do it") entails risks. Further, every answer to the question entails
running the mknod binary and therefore carries the same risks.
Norm
-- [rtl] ---
For more information on Real-Time Linux see:
http://www.rtlinux.org/