Re: setpeuid(pid_t, uid_t) proposal

From: Valdis . Kletnieks
Date: Tue Aug 24 2004 - 07:02:40 EST


On Tue, 24 Aug 2004 01:27:50 CDT, Jerry Haltom said:
> > What does this buy you that having the separate daemon just do
> > a fork/seteuid/exec to do the work, and passing the results back via a
> > Unix socket or shared mem or what-have-you?
>
> To do a seteuid the daemon would need to be root.

And how is this different from:

> Only a process with uid 0 may call it. The first argument is a process
> id. The second argument is a uid. The function is effectively the exact
> same as seteuid() except that it operates on another process. Very
> simple explanation, now here's why.
.....
> Apache runs as a low privilege user, but can obtain the permissions of
> the user that requested the service. Apache can't give itself access, so
> it relies on a separate process to do so. A request is received to

You've already stated that the separate process has to be running as root....

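The fork/seteuid/exec arrangement discussed in this thread, as an added example that is not part of the original message: a root helper forks, drops to the target user, execs the work, and passes the output back over a Unix socket pair. `run_as` and the demo command are hypothetical names; the child uses `setgid`/`setuid` for a permanent drop instead of `seteuid`, and the demo targets the caller's own uid so it also runs unprivileged.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv as uid/gid and copy its stdout into out.
 * Returns the child's exit status (126 = drop failed, 127 = exec failed), -1 on error. */
int run_as(uid_t uid, gid_t gid, char *const argv[], char *out, size_t len)
{
    int sv[2];
    if (len == 0 || socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        /* Order matters: supplementary groups, then gid, then uid. After
         * setuid() the child can no longer change the other two. */
        if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) < 0) _exit(126);
        if (setgid(gid) < 0 || setuid(uid) < 0) _exit(126);
        /* Verify the drop before running anything on the user's behalf. */
        if (getuid() != uid || geteuid() != uid) _exit(126);
        /* The duplicate on fd 1 survives exec; sv[0] and sv[1] are close-on-exec. */
        if (dup2(sv[1], STDOUT_FILENO) < 0) _exit(126);
        execv(argv[0], argv);
        _exit(127);
    }
    close(sv[1]);
    size_t used = 0;
    ssize_t n;
    while (used < len - 1 && (n = read(sv[0], out + used, len - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(sv[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char buf[64];
    char *const cmd[] = { "/bin/sh", "-c", "echo uid=$(id -u)", NULL };
    /* Constructed demo input: the caller's own uid/gid stand in for the target user. */
    int rc = run_as(getuid(), getgid(), cmd, buf, sizeof buf);
    printf("exit=%d %s", rc, buf);
    return rc;
}
```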