Re: access control.
From: Rich Gibbs (rgibbs_at_REMOVEhis.com)
Date: 05/13/04
- Next message: Barry Margolin: "Re: access control."
- Previous message: Alexander Krisak: "Re: FILE* behaviour over BSD sockets - how?"
- In reply to: KIRAN MN: "Re: access control."
- Next in thread: Barry Margolin: "Re: access control."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 13 May 2004 12:26:54 -0400
KIRAN MN said the following, on 05/13/04 02:16:
> Rich Gibbs <rgibbs@REMOVEhis.com> wrote in message news:<40a28abf@news101.his.com>...
>
>>KIRAN MN said the following, on 05/12/04 06:34:
>>
>>>Hi,
>>>
>>>
>>> My os is Aix-4.3.2. C compiler is 6.1.0.0.
>>> I have a commercial software sitting in directory "dir".
>>> dir/a
>>> dir/b
>>> dir/c
>>>
>>> a, b and c are executables. In this say "a" is a GUI that in turn calls
>>> b and c while running. I don't want users to execute dir/a directly, I
>>> want them to use some program to access dir/a. This program while
>>> running it will create temporary files and output files.
>>>
>>> If I write a set-uid program to access control this, then temporary
>>> files that get created will be in effective user id.
>>>
>>> What I want is users must execute dir/a through a particular
>>> program, they are not allowed to run directly setting path, while
>>> running their effective uid must be equal to real uid (This is for
>>> temporary files that get created).
>>>
>>> Is there any method to achieve this?
>>> Please help me
>>>
>>
>>In general, yes. Most Unix/Linux versions have the "Saved SetUID"
>>feature (_POSIX_SAVED_IDS is true). I don't have access to AIX docs,
>>but this has been around since SysVR4 and BSD4.3+, so I expect it's
>>there; my Debian Woody box has it. This allows you to drop a
>>privileged ID, and then to restore it later, if necessary.
>>
>>man 2 setuid
>>
>>for the details.
>
>
> Yes, "Saved setUID" exists in AIX, but what is the use? If my setuid
> program is say "entry" and has setuid bit set to user admin. Software
> executables say dir/a dir/b and dir/c have execute permission only for "admin".
>
> On executing "entry" program a user becomes root and he will be able
> to execute "dir/a", at this point of time user will be having ruid as same as
> user, but euid as "admin". Now when dir/a creates files it will be in
> ownership of "admin". I don't want this.
>
> In this where can I use "Saved setUID" feature? If I change euid
> before invoking dir/a then I will be not able to invoke dir/a.
>
>
Well, if the 'entry' program needs to start off as 'admin', and you want
the temporary files to be created using the actual user ID, then you are
going to have to switch the effective user ID at some point. It seems
to me that you have two options:
-- Open the files in the 'entry' program, then change EUID before
invoking 'a' and giving it the open file descriptor(s).
-- Invoke 'a' (or 'b' or 'c'), then change the EUID. Obviously this
means each of the programs must be modified.
I really can't make any sensible suggestion about making the choice,
since I don't know what the applications do.
(Note that if 'entry' is suid 'root' then it could create the files,
then 'chown' them to the user. I do NOT recommend doing this unless
there is no other way: the casual proliferation of things that run as
'root' is a Very Bad Idea.)
-- Rich Gibbs rgibbs@his.com
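
The second option from the reply, sketched in C as an added example (not code from the thread or from the software discussed): a program started with a set-uid EUID such as 'admin' makes its effective UID equal to its real UID before creating a temporary file, then returns to the privileged ID through the saved set-user-ID. The function names and the /tmp file name are made up for illustration.

```c
#define _XOPEN_SOURCE 700   /* for seteuid() and mkstemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Make EUID equal the real UID; the old EUID stays in the saved set-user-ID. */
static int become_real_user(uid_t *privileged)
{
    *privileged = geteuid();
    if (seteuid(getuid()) != 0)
        return -1;
    return geteuid() == getuid() ? 0 : -1;   /* verify, do not assume */
}

/* Return to the ID the set-uid bit supplied, e.g. before exec'ing 'b' or 'c'. */
static int become_privileged(uid_t privileged)
{
    return seteuid(privileged);
}

/* Create a temporary file as the real user and report which UID owns it. */
static long temp_file_owner(void)
{
    char path[] = "/tmp/entry-demo-XXXXXX";  /* constructed file name */
    struct stat st;
    uid_t privileged;
    long owner = -1;
    int fd;

    if (become_real_user(&privileged) != 0)
        return -1;
    fd = mkstemp(path);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            owner = (long)st.st_uid;
        close(fd);
        unlink(path);
    }
    if (become_privileged(privileged) != 0)
        return -1;
    return owner;
}

int main(void)
{
    printf("real uid %ld, temp file owner %ld\n", (long)getuid(), temp_file_owner());
    return 0;
}
```

Installed set-uid 'admin' and run by another user, this reports that user's UID as the file owner; run without the set-uid bit, both IDs are already equal and the switches are no-ops.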