(Please cc: me, I'm not subscribed.)
Using the magical prctl() call it's possible to run daemons as non-root
while still possessing some capabilities. For full support, patched kernel
with ext2 capabilities is required, but if the daemon doesn't exec()
anything (for example, by emulating exec() with mmap()), stock 2.4 is
enough.
This works well for programs like pppd, hwclock and XFree86. There is a
problem if the daemon uses setuid() and setgid() to change identity, like
sshd or cron. In function cap_emulate_setxuid() (in kernel/sys.c) the
capabilities are cleared when IDs are switched. However, the check misses
the case where old_*uid are already nonzero. This patch attempts to fix
the problem.
There are still problems with sequence
orig_euid = geteuid();
seteuid(65534);
/* work */
seteuid(orig_euid);
Any suggestions?
-Topi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Mar 23 2001 - 21:00:11 EST