From owner-freebsd-hackers Tue Jun 10 01:44:43 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id BAA19764
          for hackers-outgoing; Tue, 10 Jun 1997 01:44:43 -0700 (PDT)
Received: from zwei.siemens.at (zwei.siemens.at [193.81.246.12])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA19753
          for ; Tue, 10 Jun 1997 01:44:23 -0700 (PDT)
Received: from ws6303-f.gud.siemens.co.at (root@firix [10.1.143.100])
          by zwei.siemens.at with ESMTP id KAA01578;
          Tue, 10 Jun 1997 10:16:01 +0200 (MET DST)
Received: from ws6423.gud.siemens.at (ws6423-f)
          by ws6303-f.gud.siemens.co.at with ESMTP (1.40.112.8/16.2) id AA065690477;
          Tue, 10 Jun 1997 10:14:37 +0200
Received: by ws6423.gud.siemens.at (SMI-8.6/SMI-SVR4) id KAA17947;
          Tue, 10 Jun 1997 10:04:50 +0200
Date: Tue, 10 Jun 1997 10:04:50 +0200
From: lada@ws6303.gud.siemens.at (Hr.Ladavac)
Message-Id: <199706100804.KAA17947@ws6423.gud.siemens.at>
To: luigi@iet.unipi.it, xaa@stack.nl
Subject: Re: your rtprio stuff
Cc: hackers@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Md5: J6ZHuJ4e/Ohsi27p8WY7hg==
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> From owner-freebsd-hackers@FreeBSD.ORG Tue Jun 10 09:30:53 MET 1997
> Date: Mon, 9 Jun 1997 23:09:27 +0200
> From: Mark Huizer
> To: Luigi Rizzo
> Cc: hackers@FreeBSD.ORG
> Subject: your rtprio stuff
> Mime-Version: 1.0
> X-Loop: FreeBSD.org
>
> > 2) (major problem) rtprio does not allow the necessary priority
> >    settings if not superuser; but it cannot be made suid root since
> >    it does not drop priority before execing the requested process.
> >    Of the following two fixes:
> >
> >    a) modify the rtprio syscall so that it can set realtime priority
> >       for a restricted set of users (but then, how to configure this
> >       set ?);
> >
> >    b) modify the rtprio(1) command so that it can run suid-root, by
> >       allowing RTP_SET for a configurable class of users (e.g.
> >       /etc/rtprio.users) and calling setuid to restore the real uid
> >       before calling execvp
>
> If you don't mind the risk of letting them run other commands in real time,
> you could of course use commands like sudo or opcom that will give
> selected users root-privs without su for certain commands

Or, how about a suid root rtprio wrapper that does (among all)

...
rtprio()
execve( "your_real_executable" ... )
...

/Marino

>
> Mark
>
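
The wrapper discussed in this thread, written out as an added example (not code from the thread or from FreeBSD): it sets the priority while still root, drops root for good, and only then execs. The function names, the sample user names and the one-name-per-line list format are assumptions; the rtprio(2) call is compiled only on FreeBSD.

```c
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/rtprio.h>
#endif

/* Assumed list format: one user name per line, '#' starts a comment line. */
int user_allowed(const char *list, const char *user) {
    size_t ulen = strlen(user);
    while (ulen > 0 && *list) {
        size_t len = strcspn(list, "\n");
        if (len == ulen && *list != '#' && memcmp(list, user, len) == 0) return 1;
        list += len + (list[len] == '\n');
    }
    return 0;
}

/* Give up root for good: 0 on success, -1 if any step fails. */
int drop_to_real_ids(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0) return -1;  /* gid first */
    if (geteuid() != ruid || getegid() != rgid) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1;  /* root must not come back */
    return 0;
}

/* Set the priority while still root, drop root, then exec the command. */
int run_realtime(int prio, char *const argv[]) {
#ifdef __FreeBSD__
    struct rtprio rtp = { RTP_PRIO_REALTIME, (u_short)prio };
    if (rtprio(RTP_SET, 0, &rtp) != 0) return -1;
#else
    (void)prio;  /* rtprio(2) is FreeBSD-only; the step is skipped elsewhere */
#endif
    if (drop_to_real_ids() != 0) return -1;  /* never exec while still root */
    execvp(argv[0], argv);
    return -1;  /* reached only when exec fails */
}

int main(int argc, char *argv[]) {
    const char *list = "# constructed sample\nalice\nbob\n";
    struct passwd *pw = getpwuid(getuid());  /* real uid, not effective */
    if (argc < 2 || !pw || !user_allowed(list, pw->pw_name)) return 1;
    run_realtime(0, argv + 1);
    return 1;
}
```

A setuid-root binary keeps the caller's real uid, real gid and supplementary groups, so returning to the real ids is enough here; a wrapper that reads the list from a file should make sure that file is writable by root only.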