1. UID / effective UID problem
Hi,
Consider a user U, programs A which is set-uid A, program B is set-uid B.
U, A, and B are all simple mortals. No root-privilege.
Now, U calls A. As part of it's job, A fork/execs B. U should not need to
know that B is involved.
So we have
real UID effective UID saved-set-UID
-------------------------------------------------------------
U's shell U U U
program A U A A
program B U B B
A 'knows' its user U calling, and can check his credentials in , say, A.allow.
I want B to be able to authorize A using it's B.allow. But it can't! It can't
tell that its being called by A.
It does know the original caller was U, but in my situation that's irrelevant.
So, I studied Steven's 'Advanced Programming in the Unix Environment', section
8.10. to find out that BSD has a setreuid(), which can swap the real and
effective uid.
All other calls don't seem to help in this particular problem.
Now it looks like this:
real UID effective UID saved-set-UID
-------------------------------------------------------------
U's shell U U U
program A U A A
setreuid(..) A U A
program B A B B
That's exactly what I want! B can now whether A has the right to call B.
U is no longer visible!
Great. But *sigh*, it's not in XPG4, which is our portability goal.
So here's the question:
How can B tell it's A calling, using stuff available in Xopen XPG4 ??
Any hints are very much appreciated!
--
Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
Everything's relative - absolutely.
2. Trying to put a file with Apache and the HTTP 1.1 protocol
3. User Ids (uid) > 65k or 32 bits uids
4. Cannot Start CDE, Plz help!
5. effective UID vs. Real UID with su - problem
6. troubles with a QMS1600 printer
7. setuid to a non-root uid for both effective&real uid
8. Promise Fasttrack TX2 100
9. Changing the UID of php engine process
10. Root's UID and GID
11. need help modify UID for one existant user
12. How to Get Peer Process's uid
13. HPUX - set GID and UID?
by