Re: FSCopyObjectSync and changing EUID
- Subject: Re: FSCopyObjectSync and changing EUID
- From: James Bucanek <email@hidden>
- Date: Sat, 19 Jul 2008 23:31:51 -0700
James Bucanek <mailto:email@hidden> wrote (Saturday, July 19, 2008 4:51 PM -0700):
> I thought I could easily solve this problem using
> pthread_setugid_np(), but I've had no success. When the thread starts,
> I've tried setting pthread_setugid_np(KAUTH_UID_NONE,KAUTH_GID_NONE)
> and pthread_setugid_np(501,501). Both return an error -1 and there's
> no change in the thread's EUID.
Answering my own post ... I have this working now, although it
seems very counter-intuitive.
pthread_setugid_np only seems to work when the EUID is 0/root.
So the thread must first seteuid(0), switching the entire
process to root, then call pthread_setugid_np(501,501) to
constrain the current thread to the user, then seteuid(501) to
set all of the other threads back to running as the user. All
that so that the thread can run with the privileges it was
started with.
It seems that the mysteries of security models are fathomless. ;)
--
James Bucanek
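
The three-step sequence described in the post, as an added example that is not part of the original message or any Apple sample code. `pin_thread_to_user`, `struct id_ops` and the `sim_*` model are hypothetical names; the EPERM error code and the requirement that the process is able to regain EUID 0 (a saved UID of 0) are assumptions, and 501 is the UID/GID used in the post.

```c
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>   /* on macOS this also declares pthread_setugid_np() */
/* Hypothetical indirection (not an Apple API) so the order is testable off macOS. */
struct id_ops {
    int (*set_euid)(uid_t);          /* process-wide, e.g. seteuid() */
    int (*set_thread)(uid_t, gid_t); /* calling thread only, e.g. pthread_setugid_np() */
};

/* Returns 0 on success, -1 with errno set. If the per-thread call fails,
 * the process EUID is still put back to uid before returning. */
int pin_thread_to_user(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_euid(0) != 0)           /* 1: whole process to root */
        return -1;
    int rc = ops->set_thread(uid, gid);  /* 2: constrain this thread */
    int saved = errno;
    if (ops->set_euid(uid) != 0)         /* 3: other threads back to the user */
        return -1;                       /* process is still root: treat as fatal */
    errno = saved;
    return rc;
}

/* Constructed model of the behaviour the post reports; EPERM is assumed. */
static uid_t sim_euid = 501, sim_thread_uid = (uid_t)-1;
static int sim_saved_root = 1;           /* 1: process may regain EUID 0 */
static int sim_set_euid(uid_t u)
{
    if (u == 0 && !sim_saved_root) { errno = EPERM; return -1; }
    sim_euid = u;
    return 0;
}
static int sim_set_thread(uid_t u, gid_t g)
{
    (void)g;
    if (sim_euid != 0) { errno = EPERM; return -1; }  /* fails unless EUID is 0 */
    sim_thread_uid = u;
    return 0;
}
const struct id_ops sim_ops = { sim_set_euid, sim_set_thread };

int main(void)
{
#ifdef __APPLE__   /* real calls; the process needs a saved UID of 0 */
    const struct id_ops ops = { seteuid, pthread_setugid_np };
#else              /* elsewhere, run against the constructed model */
    const struct id_ops ops = sim_ops;
#endif
    return pin_thread_to_user(&ops, 501, 501) ? 1 : 0;
}
```

A -1 return from step 3 means the process is still running with EUID 0, so the caller should stop rather than continue.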