• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Kernel NKE projects user space daemon.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kernel NKE projects user space daemon.

  • Subject: Re: Kernel NKE projects user space daemon.
  • From: Rohan Lloyd <email@hidden>
  • Date: Wed, 4 Jan 2006 15:22:51 +1100

On 4 Jan 2006, at 11:31 AM, Terry Lambert wrote:

To answer your original question, though, the security guys generally frown on SUID/SGID anything, even if it's an ordinary user the thing impersonates.

I agree with the above. But if you *do* find yourself using suid/ sgid, make sure you don't run the whole process as root. You should use seteuid() to toggle between the real uid and the setuid. Typically the very first thing you should do is revert back to the real uid. Then call seteuid() when you need root permission, and revert back immediately afterwards.

something like:

main()
{
  // relinquish suid until it is required
  seteuid(getuid());

  ...

  // this bit of code requires suid
  seteuid(0);

  ...

  // no longer needed revert back to real uid
  seteuid(getuid());

}





--
Rohan Lloyd

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Kernel NKE projects user space daemon. (From: matt jaffa <email@hidden>)


 >Re: Kernel NKE projects user space daemon. (From: Mike Smith <email@hidden>)


 >Re: Kernel NKE projects user space daemon. (From: Mike Smith <email@hidden>)


 >Re: Kernel NKE projects user space daemon. (From: Brian Bergstrand <email@hidden>)


 >Re: Kernel NKE projects user space daemon. (From: Terry Lambert <email@hidden>)






    

  • Prev by Date:
Re: Kernel NKE projects user space daemon.

    • 

  • Next by Date:
Re: Kernel NKE projects user space daemon.

    • 

  • Previous by thread:
Re: Kernel NKE projects user space daemon.

    • 

  • Next by thread:
tcplognke for 10.3 still available?

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •