From owner-freebsd-hackers Tue Jun 10 01:51:33 1997
Date: Tue, 10 Jun 1997 10:38:28 +0200
From: lada@ws6303.gud.siemens.at (Hr.Ladavac)
Message-Id: <199706100838.KAA23425@ws6423.gud.siemens.at>
To: lada@ws6303-f.gud.siemens.co.at, luigi@labinfo.iet.unipi.it
Subject: Re: your rtprio stuff
Cc: luigi@iet.unipi.it, xaa@stack.nl, hackers@FreeBSD.ORG
Sender: owner-hackers@FreeBSD.ORG

> From luigi@labinfo.iet.unipi.it Tue Jun 10 10:40:11 MET 1997
> From: Luigi Rizzo
> Subject: Re: your rtprio stuff
> To: lada@ws6303-f.gud.siemens.co.at (Hr.Ladavac)
> Date: Tue, 10 Jun 1997 09:54:30 +0200 (MET DST)
> Cc: luigi@iet.unipi.it, xaa@stack.nl, hackers@FreeBSD.ORG
>
> > > If you don't mind the risk of letting them run other commands in real time,
> > > you could of course use commands like sudo or opcom that will give
> > > selected users root-privs without su for certain commands
> >
> > Or, how about a suid root rtprio wrapper that does (among all)
> >
> > ...
> >
> > rtprio()
> > seteuid( getuid() )
> > execve( "your_real_executable" ... )
> >
>
> this is exactly what the rtprio command does (except that it leaves
> the user freedom to specify which program to execve).
>
> If the wrapper is suid root, isn't the execve'd program also run with
> root privileges ? The same, I think, might apply to "sudo" ?

My brain fart. This might work, and the executable is tightly bound with
the wrapper (i.e. only that particular program can be executed rtprio unless
the user is root)

/Marino

>
> Luigi
> -----------------------------+--------------------------------------
> Luigi Rizzo                  | Dip. di Ingegneria dell'Informazione
> email: luigi@iet.unipi.it    | Universita' di Pisa
> tel: +39-50-568533           | via Diotisalvi 2, 56126 PISA (Italy)
> fax: +39-50-568522           | http://www.iet.unipi.it/~luigi/
> _____________________________|______________________________________
>
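
The wrapper discussed in this thread, written out as an added example (not code from the posts or from FreeBSD's rtprio command): it sets the real-time priority while still root, gives up every root ID with setgid()/setuid() and verifies the drop, then execve()s one fixed program. The TARGET path and the priority value 31 are assumptions.

```c
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/rtprio.h>
#endif

/* Hypothetical path: the single program this wrapper is allowed to start. */
#define TARGET "/usr/local/libexec/your_real_executable"

/* Needs euid 0. Returns 0 on success, -1 with errno set. */
int set_realtime(int prio)
{
#ifdef __FreeBSD__
    struct rtprio rtp = { .type = RTP_PRIO_REALTIME, .prio = (u_short)prio };
    return rtprio(RTP_SET, 0, &rtp);    /* pid 0 = calling process */
#else
    (void)prio;
    errno = ENOSYS;                     /* rtprio(2) is FreeBSD-specific */
    return -1;
#endif
}

/* Permanently give up the setuid identity: real, effective and saved IDs
 * all become the invoking user's. Returns 0 only after verifying that. */
int drop_privileges(void)
{
    uid_t uid = getuid(), old_euid = geteuid();
    gid_t gid = getgid();

    if (setgid(gid) != 0 || setuid(uid) != 0)   /* group first, then user */
        return -1;
    if (geteuid() != uid || getegid() != gid)
        return -1;
    /* If we really were elevated, regaining the old euid must now fail. */
    if (old_euid != uid && setuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(int argc, char *argv[], char *envp[])
{
    (void)argc;
    if (set_realtime(31) != 0) { perror("rtprio"); return 1; }  /* 31: assumed */
    if (drop_privileges() != 0) { perror("drop_privileges"); return 1; }
    execve(TARGET, argv, envp);   /* priority is inherited; root IDs are not */
    perror("execve");
    return 1;
}
```

Because TARGET is a compile-time constant, the user cannot choose which program receives the real-time priority.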