Subject: Re: open_as vs fuid
To: Todd Vierling <firstname.lastname@example.org>
From: Brett Lymn <email@example.com>
Date: 11/06/2000 15:28:52

According to Todd Vierling:
>If you need repeated access to a file as a particular user ID but want to
>avoid opening root holes while the "main" process is running suid, you could
>socketpair(), fork(), give up all privilege other than that user's ID, and
>the subprocess can then open a specific, restricted subset of files as that
>user and pass them to the parent.

*ahem* I did suggest exactly that before this thread hit the tech*
mailing lists - that seemed to get ignored. The downside is that you
are forced to fork another copy of the program.

> This is, however, just a blown up version
>of the simpler:

I have seen that not work on some other versions of Unix which may be
why it does not get used.

Brett Lymn, Computer Systems Administrator, BAE SYSTEMS