Subject: Re: open_as vs fuid
To: Thor Lancelot Simon <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 11/05/2000 22:57:12
>> See unix(4) and its description of passing fd's via a "cmsghdr".
>Uh, hello, that's *exactly* what I've been proposing all along: exec
>a small program that only your program can run (because it's group-execute
>only, and your program's setgid that group) that is setuid root; the small,
>easily verified program gets the descriptor you want and passes it back to
actually...it might be *simpler* to simply fork() and then call a
specific function that *only* exits (ie, never returns). sort of like
that function can handle requests from the parent for things like file
descriptors or the contents of files. the pipe set up is a little
easier, as well as the fact that you don't have to worry that the
"helper" program is there.
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."