Re: setuid root library?

Hasdi R Hashim (hasdi@engin.umich.edu)
Tue, 18 Jun 1996 02:54:40 -0400 (EDT)


On 17 Jun 1996, Raja R Harinath wrote:
> Hasdi R Hashim <hasdi@engin.umich.edu> writes:
> > Is there a way to load a library in such a way that if you execute
> > any functions in it, you'll execute them under supervisor mode? (Of course
> > the library has to have proper permissions set.) Is it useful to have such a
> > beast? Any drawbacks? Is it possible to do it in userspace?
>
> I'm not sure if you can. It would be a pain to implement it, I guess.
>
> Have you considered running a setuid daemon, providing services via IPC?
> You could probably also build a lightweight RPC (say, using shared
> memory) to make the interface cleaner.

I have. I would need localhost-based IPC that is REAL fast. Shared memory
comes to mind. The client would queue commands on memory and the server
would read it off. The problem with shared memory is that I don't know how to
make it accessible only between two consenting processes <grin>. The
server is setuid root and client can be any user. To share memory between
the server and the client, I have to set SysV IPC permissions to 0666
(read open channel). How would I avoid this sick huge orgy?

I wish SysV IPC weren't that broken. The only place I can find SysV IPC
useful is when the resources are allowed to be accessed between processes with
the same user/group (0660). I know, use BSD sockets, but SysV IPC is the
only IPC that supports shared memory as far as I know.

BACK to setuid root library, maybe what I am looking for is a way the
kernel can dynamically add syscalls at runtime. Sure, there are modules, but
modules' code is unswappable. :(

Stumped

Hasdi
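
Added example (not part of the original message or of any project's code): the SysV permission structure carries an owner uid that shmctl(IPC_SET) can change, so a privileged server can give a segment mode 0600 and hand ownership to exactly one client instead of opening it with 0666. The helper names create_segment_for and may_access are hypothetical, and may_access is a simplified model of the owner/group/other check.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>

/* Hypothetical helper: the privileged server creates a keyless segment and
 * makes one client uid its owner, with mode 0600 rather than 0666. It then
 * passes the id to that client (e.g. over a UNIX socket) for shmat(). */
int create_segment_for(uid_t client_uid, gid_t client_gid, size_t size)
{
    struct shmid_ds ds;
    int id = shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | 0600);
    if (id < 0)
        return -1;
    if (shmctl(id, IPC_STAT, &ds) == 0) {
        ds.shm_perm.uid = client_uid;   /* owner: the one permitted client */
        ds.shm_perm.gid = client_gid;
        ds.shm_perm.mode = 0600;        /* no group or other access */
        if (shmctl(id, IPC_SET, &ds) == 0)
            return id;
    }
    shmctl(id, IPC_RMID, NULL);         /* do not leak a half-configured segment */
    return -1;
}

/* Simplified model of the SysV read/write check (ignores supplementary
 * groups and capabilities). Returns 1 allowed, 0 denied, -1 on error. */
int may_access(int id, uid_t uid, gid_t gid)
{
    struct shmid_ds ds;
    unsigned mode;
    if (shmctl(id, IPC_STAT, &ds) < 0)
        return -1;
    mode = ds.shm_perm.mode & 0777;
    if (uid == ds.shm_perm.uid || uid == ds.shm_perm.cuid)
        return (mode & 0600) == 0600;   /* owner and creator use owner bits */
    if (gid == ds.shm_perm.gid || gid == ds.shm_perm.cgid)
        return (mode & 0060) == 0060;
    return (mode & 0006) == 0006;
}

int main(void)
{
    int id = create_segment_for(getuid(), getgid(), 4096); /* constructed demo values */
    if (id < 0) { perror("create_segment_for"); return 1; }
    printf("self: %d, other: %d\n", may_access(id, getuid(), getgid()), may_access(id, getuid() + 1, getgid() + 1));
    return shmctl(id, IPC_RMID, NULL) == 0 ? 0 : 1;
}
```

The creator uid (the server) and the owner uid (the client) both match the owner bits, so with 0600 those two can attach and every other unprivileged uid is refused.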