Date: Thu, 27 Mar 1997 11:12:08 +0800
From: Peter Wemm <peter@spinner.DIALix.COM>
To: Poul-Henning Kamp <phk@critter.dk.tfs.com>
Cc: Bill Fenner <fenner@parc.xerox.com>, ache@nagual.ru, imp@village.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
Subject: Re: cvs commit: src/lib/libtermcap pathnames.h termcap.c
Message-ID: <199703270312.LAA04087@spinner.DIALix.COM>
In-Reply-To: Your message of "Mon, 24 Mar 1997 19:17:22 +0100." <228.859227442@critter>

Poul-Henning Kamp wrote:
> In message <97Mar24.094840pst.177486@crevenia.parc.xerox.com>, Bill Fenner writes:
> >I think a lot would be solved by having a library function like
> >access() that also accepts a UID. Then the don't-let-people-access-
> >files-in-a-setuid-program-that-they-wouldn't-normally-have-access-to
> >problem, instead of being solved in N different setuid programs,
> >could be solved once.
>
> Well, access_as(2) alone will not do it, you would need a open_as(2),
> unlink_as(2), rename_as(2) and so on...
Err, yeah. I knew that.. :-) Please ignore my previous simplistic reply
about access. :-). With setfsuid() etc in a setuid process, you'd do
this:
    setfsuid(getuid());
    fd = open(..);
    setfsuid(geteuid());
And similar for daemons that are running as root but want to access files
as a user, eg: ftpd. It works for open, unlink, rename, link, chmod, etc
etc, the entire set of VFS syscalls.
Cheers,
-Peter
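
The bracket described in the message above, written out for Linux's setfsuid(2) and setfsgid(2). This is an added example, not code from the original message or from FreeBSD, and `open_as_real_user` is a hypothetical helper name. It also switches the filesystem GID and confirms each switch, because these calls return the previous id and never report failure.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/fsuid.h>   /* Linux-specific: setfsuid(), setfsgid() */
#include <sys/types.h>
#include <unistd.h>

/* setfsuid()/setfsgid() return the previous id and never report failure.
 * Passing an invalid id (-1) changes nothing, so it reads the current value. */
static uid_t current_fsuid(void) { return (uid_t)setfsuid((uid_t)-1); }
static gid_t current_fsgid(void) { return (gid_t)setfsgid((gid_t)-1); }

/* Hypothetical helper: open `path` with the invoking user's file permissions.
 * `flags` must not include O_CREAT (no mode argument is passed).
 * Returns a descriptor, or -1 with errno set. Fails closed (EPERM) if either
 * identity switch cannot be confirmed. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_uid = current_fsuid();
    gid_t saved_gid = current_fsgid();
    int fd = -1, err = 0;

    setfsgid(getgid());
    setfsuid(getuid());
    if (current_fsuid() != getuid() || current_fsgid() != getgid()) {
        err = EPERM;                    /* switch did not take effect */
    } else {
        fd = open(path, flags);         /* kernel checks against fsuid/fsgid */
        if (fd < 0)
            err = errno;
    }

    /* Restore the privileged identity and confirm that as well. */
    setfsuid(saved_uid);
    setfsgid(saved_gid);
    if (current_fsuid() != saved_uid || current_fsgid() != saved_gid) {
        if (fd >= 0)
            close(fd);
        fd = -1;
        err = EPERM;
    }
    if (fd < 0)
        errno = err;
    return fd;
}
```

Supplementary groups are not touched by either call, so a root daemon acting for another user would also have to set them before relying on this bracket.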
