Scope and Using devices
Joe Shaw
joeshaw at novell.com
Tue Jun 1 13:25:05 PDT 2004
On Tue, 2004-06-01 at 15:54 -0400, Robert Love wrote:
> Apps can run as setuid root, drop all capabilities but the requested one
> (s), and then set their uid's to the running (or any arbitrary) user.
> This can be done as the very first lines of code in the program,
> providing effectively the same results as if the filesystem supported
> capabilities.
>
> Joe and I have some test code that does the above. It works.
>
> This leaves the onus of solving the access control problem on the core
> OS, where it belongs.
Here is some example code. Note that /tmp/foo1 and /tmp/foo2 are owned
by root and 0644. To build "gcc -o testcaps testcaps.c -lcap".
Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testcaps.c
Type: text/x-csrc
Size: 1970 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/hal/attachments/20040601/e9fcf4f9/testcaps.c
-------------- next part --------------
_______________________________________________
hal mailing list
hal at freedesktop.org
http://freedesktop.org/mailman/listinfo/hal
More information about the Hal
mailing list