On Thu, 13 Dec 2001, Norm Dresner wrote:

> ----- Original Message -----
> From: Calin A. Culianu <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 13, 2001 5:06 PM
> Subject: Re: [rtl] make devices ?
>
> > You can write a small C program to essentially act as a wrapper to the
> > mknod(2) system call. Then set this program to be setuid-root and have it
> > behave correctly as such.. Also this allows you to control exactly WHAT
> > devices a user can create.
> >
> > The other alternative that was suggested was to just set the mknod binary
> > to be setuid root. This can have security and safety ramifications, and
> > it may not even work at all (IIRC programs usually need to be
> > setuid-aware). Can you imagine what would happen if a goofy developer who
> > mistyped a major number instead pointed a device node to something like
> > the ide driver rather than an RTF? Then he tries to write to the fifo and
> > POOF, there goes your hard drive! :)
>
> The OP asked how to allow non-root users to access one (or more)
> root-only commands. Every answer to this question (other than "don't
> do it") entails risks. Further, every answer to the question entails

Not true.

> running the mknod binary and therefore carries the same risks.

Not true. man 2 mknod. Write a C program. Setuid it. Make sure it only
knows how to create rtf's and other assorted rtl-related device. End of
story.

-Calin

>
> Norm
>
> -- [rtl] ---
> To unsubscribe:
> echo "unsubscribe rtl" | mail [EMAIL PROTECTED] OR
> echo "unsubscribe rtl <Your_email>" | mail [EMAIL PROTECTED]
> --
> For more information on Real-Time Linux see:
> http://www.rtlinux.org/
