On Tuesday 02 October 2007, Jan Engelhardt wrote:
> On Oct 2 2007 13:33, Giuliano Gagliardi wrote:
> >Date: Tue, 2 Oct 2007 13:33:05 +0200
> >From: Giuliano Gagliardi <[email protected]>
> >To: Jan Engelhardt <[email protected]>
> >Subject: Re: One process with multiple user ids.
> >
> >On Tuesday 02 October 2007, Jan Engelhardt wrote:
> >> On Oct 2 2007 12:56, Giuliano Gagliardi wrote:
> >> >I have a server that has to switch to different user ids, but because
> >> > it does other complex things, I would rather not have it run as root.
> >> > I only need the server to be able to switch to certain pre-defined
> >> > user ids.
> >>
> >> All you need is CAP_SETUID. Also see man setresuid,
> >> where you could, I think, use saved_uid=0 if you do not
> >> like to use real_uid=0 effective_uid=non-0.
> >
> >But CAP_SETUID would let me change to any uid, would it not? I would like
> > my process to have no possibility to change to any uid, except some
> > predefined set, so that in case of a security hole only those uids could
> > be compromised.
>
> You could write up a LSM that restricts UID changing.
Would you not consider it more useful to let one process have multiple user
ids? I do not see why they can have multiple group ids, but only (and
exactly) three user ids.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
