Date: Tue, 10 Jun 1997 10:38:28 +0200
From: lada@ws6303.gud.siemens.at (Hr.Ladavac)
To: lada@ws6303-f.gud.siemens.co.at, luigi@labinfo.iet.unipi.it
Cc: luigi@iet.unipi.it, xaa@stack.nl, hackers@FreeBSD.ORG
Subject: Re: your rtprio stuff
Message-ID: <199706100838.KAA23425@ws6423.gud.siemens.at>
> From luigi@labinfo.iet.unipi.it Tue Jun 10 10:40:11 MET 1997
> From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
> Subject: Re: your rtprio stuff
> To: lada@ws6303-f.gud.siemens.co.at (Hr.Ladavac)
> Date: Tue, 10 Jun 1997 09:54:30 +0200 (MET DST)
> Cc: luigi@iet.unipi.it, xaa@stack.nl, hackers@FreeBSD.ORG
>
> > > If you don't mind the risk of letting them run other commands in real time,
> > > you could of course use commands like sudo or opcom that will give
> > > selected users root-privs without su for certain commands
> >
> > Or, how about a suid root rtprio wrapper that does (among all)
> >
> >     ...
> >
> >     rtprio()
> >     seteuid( getuid() )
> >     execve( "your_real_executable" ... )
> >
>
> this is exactly what the rtprio command does (except that it leaves
> the user freedom to specify which program to execve).
>
> If the wrapper is suid root, isn't the execve'd program also run with
> root privileges ? The same, I think, might apply to "sudo" ?

My brain fart. This might work, and the executable is tightly bound with
the wrapper (i.e. only that particular program can be executed rtprio unless
the user is root)

/Marino

>
>     Luigi
> -----------------------------+--------------------------------------
> Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
> email: luigi@iet.unipi.it    |  Universita' di Pisa
> tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
> fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
> _____________________________|______________________________________
>
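The wrapper pattern discussed in this thread, written out as an added example; it is not code from the original messages or from FreeBSD's rtprio(1). Assumptions: the TARGET path and the priority value are placeholders, and the drop uses setuid(getuid()) rather than the thread's seteuid(getuid()) so that the saved uid is cleared as well and the result can be verified before the exec.

```c
/* Added example: set-uid-root wrapper that gives one fixed program realtime priority. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/rtprio.h>
#endif

#define TARGET "/usr/local/bin/your_real_executable"   /* placeholder path */

/* Request realtime scheduling while still root. Returns 0 on success. */
static int set_realtime(void)
{
#ifdef __FreeBSD__
    struct rtprio rtp = { .type = RTP_PRIO_REALTIME, .prio = 10 }; /* constructed value */
    return rtprio(RTP_SET, 0, &rtp);
#else
    return 0;   /* rtprio(2) is FreeBSD-specific; no-op elsewhere */
#endif
}

/* Drop root for good. setuid() as root resets real, effective and saved uid, so
 * nothing running in this process afterwards can switch back; seteuid() alone
 * leaves the saved uid at 0 until the exec. Returns 0 only if the drop is verified. */
static int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)   /* group first, while still root */
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)              /* must not be able to regain root */
        return -1;
    return 0;
}

int main(void)
{
    char *const args[] = { (char *)TARGET, NULL };  /* caller's argv is ignored */
    char *const envp[] = { (char *)"PATH=/bin:/usr/bin", NULL };  /* clean environment */

    if (set_realtime() != 0) { perror("rtprio"); return 1; }
    if (drop_privileges() != 0) { fputs("privilege drop failed\n", stderr); return 1; }
    execve(TARGET, args, envp);   /* fixed path: only this program gets realtime */
    perror("execve");
    return 127;
}
```

Because the path is compiled in and the caller's arguments and environment are discarded, the binding between wrapper and executable that the message describes holds only as long as TARGET itself is not writable by the invoking user.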