Subject: Re: open_as vs fuid
To: Thor Lancelot Simon <>
From: Andrew Brown <>
List: tech-kern
Date: 11/05/2000 22:57:12
>> See unix(4) and its description of passing fd's via a "cmsghdr".
>Uh, hello, that's *exactly* what I've been proposing all along: exec
>a small program that only your program can run (because it's group-execute
>only, and your program's setgid that group) that is setuid root; the small,
>easily verified program gets the descriptor you want and passes it back to
>you.

might be *simpler* to simply fork() and then call a
specific function that *only* exits (ie, never returns).  sort of like

that function can handle requests from the parent for things like file
descriptors or the contents of files.  the pipe set up is a little
easier, as well as the fact that you don't have to worry that the
"helper" program is there.
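
The fork()-and-serve arrangement described above, using the unix(4) descriptor passing mentioned at the top of the thread, as an added C example that is not part of the original message. The names `helper`, `start_helper` and `request_fd`, the single-path policy `ALLOWED`, and the one-byte status protocol are assumptions made for illustration.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define ALLOWED "/dev/null"  /* constructed policy: the only path the helper will open */
typedef union { struct cmsghdr h; char b[CMSG_SPACE(sizeof(int))]; } fdbuf;  /* aligned */

static int send_fd(int s, int fd) {  /* helper side: status byte 1 plus fd as SCM_RIGHTS */
    char ok = 1; fdbuf u; memset(&u, 0, sizeof u);
    struct iovec iov = { .iov_base = &ok, .iov_len = 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.b, .msg_controllen = sizeof u.b };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(s, &m, 0) == 1 ? 0 : -1;
}

static int recv_fd(int s) {  /* parent side: passed fd, or -1 on a refusal byte (0) or error */
    char ok = 0; fdbuf u; int fd = -1;
    struct iovec iov = { .iov_base = &ok, .iov_len = 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.b, .msg_controllen = sizeof u.b };
    if (recvmsg(s, &m, 0) != 1 || !ok) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

static void helper(int s) {  /* called in the child after fork(): only exits, never returns */
    char path[256]; ssize_t n;
    while ((n = read(s, path, sizeof path - 1)) > 0) {
        path[n] = '\0';
        int fd = strcmp(path, ALLOWED) == 0 ? open(path, O_RDONLY) : -1;
        if (fd < 0 ? write(s, "", 1) != 1 : send_fd(s, fd) != 0) _exit(1);
        if (fd >= 0) close(fd);  /* the parent now holds its own copy */
    }
    _exit(0);  /* parent closed its end: nothing left to serve */
}

/* Fork the helper and return the parent's end of the socket pair, or -1. */
static int start_helper(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) { close(sv[0]); helper(sv[1]); }
    close(sv[1]);
    if (pid < 0) { close(sv[0]); return -1; }
    return sv[0];
}

static int request_fd(int s, const char *path) { return write(s, path, strlen(path)) < 0 ? -1 : recv_fd(s); }
```

In a privileged program the parent would give up its privileges right after `start_helper()` returns, so that only `helper()` and its path check run with them.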

