On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote:
> I just wrote a tool with kernel patch, which is to set the uid's of a running
> process without FORK.
>
> The tool is at http://users.freeforge.net/~coywolf/pub/promote/
> Usage: promote <pid> [uid]
>
> I once need such a tool to work together with my admin in order to tune my web
> configuration. I think it's quite convenient sometimes.
>
> The situations I can image are:
>
> 1) root processes can be set to normal priorities, to serve web
> service for eg.
Most (if not all) web servers can be told to drop all privileges and
run as a normal user. If not, you can use selinux to create a policy
for such processes (IIRC that's what Fedora does).
> 2) admins promote trusted users, so they can do some system work without knowing
> the password
Use sudo for that, it allows even much finer grained control.
> 3) admins can `promote' a suspect process instead of killing it.
Why would that change anything? You only change a process's UID,
nothing else. You don't change things like resource limits, so a
process started as root with unlimited limits is still allowed to use
those limits. AFAIK setrlimit() can't be used to change resource limits
of other processes.
Erik
--
+-- Erik Mouw -- www.harddisk-recovery.com -- +31 70 370 12 90 --
| Lab address: Delftechpark 26, 2628 XH, Delft, The Netherlands
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |