From owner-freebsd-hackers Tue Jun 10 01:30:35 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id BAA19187 for hackers-outgoing; Tue, 10 Jun 1997 01:30:35 -0700 (PDT) Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id BAA19065 for ; Tue, 10 Jun 1997 01:28:22 -0700 (PDT) Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id JAA06216; Tue, 10 Jun 1997 09:54:30 +0200 From: Luigi Rizzo Message-Id: <199706100754.JAA06216@labinfo.iet.unipi.it> Subject: Re: your rtprio stuff To: lada@ws6303.gud.siemens.at (Hr.Ladavac) Date: Tue, 10 Jun 1997 09:54:30 +0200 (MET DST) Cc: luigi@iet.unipi.it, xaa@stack.nl, hackers@FreeBSD.ORG In-Reply-To: <199706100804.KAA17947@ws6423.gud.siemens.at> from "Hr.Ladavac" at Jun 10, 97 10:04:31 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > If you don't mind the risk of letting them run other commands in real time, > > you could of course use commands like sudo or opcom that will give > > selected users root-privs without su for certain commands > > Or, how about a suid root rtprio wrapper that does (among all) > > ... > > rtprio() > execve( "your_real_executable" ... ) > this is exactly what the rtprio command does (except that it leaves the user freedom to specify which program to execve). If the wrapper is suid root, isn't the execve'd program also run with root privileges ? The same, I think, might apply to "sudo" ? Luigi -----------------------------+-------------------------------------- Luigi Rizzo | Dip. di Ingegneria dell'Informazione email: luigi@iet.unipi.it | Universita' di Pisa tel: +39-50-568533 | via Diotisalvi 2, 56126 PISA (Italy) fax: +39-50-568522 | http://www.iet.unipi.it/~luigi/ _____________________________|______________________________________