Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Privileged write to file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Privileged write to file

Subject: Re: Privileged write to file
From: Alastair Houghton <email@hidden>
Date: Wed, 10 Mar 2004 14:37:23 +0000

On 10 Mar 2004, at 12:21, Reed Hedges wrote:

> On Wednesday, March 10, 2004, at 06:37 AM, Sam McCandlish wrote:
>
>> I don't really understand the usefulness of setuid root.
>
> If a file is owned by root, then there are only two ways that file can
> be changed
>
> 1. by a process invoked by root
> 2. by a process that is "suid root"

Actually, there are three. A process that is running as root (possibly
because it is setuid) can pass open file handles to any other process
via a UN*X domain socket (some of the Apple documentation mistakenly
calls this a pipe, but AFAIK you can't actually use a pipe for this
purpose).

See "man unix"; the actual mechanics of sending a file descriptor are
handled by using the sendmsg() function with an SCM_RIGHTS control
message.

(BTW, this is exactly how the "authopen" program works... see "man
authopen".)

Kind regards,

Alastair.

[demime 0.98b removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.

References:
	>Re: Privileged write to file (From: Reed Hedges <email@hidden>)

Prev by Date: Re: resizing a window before displaying
Next by Date: Re: Wisdom of overriding isEqual:
Previous by thread: Re: Privileged write to file
Next by thread: Re: Privileged write to file
Index(es):
- Date
- Thread