Re: two questions (newbie)



Thanks, it help me a lot. The only reason for this question is that I'm
writing a program to configure lilo, so I need to have permisions to
write lilo.conf and execute lilo. Only for that, after this I can give
away the permisions.

Is this really dangerous? I mean, is posible to exploit this? the time
the program needs the setuid are only 2 or 3 seconds.

Of course I wouldn't try to write a daemon or something like that with
my actual knowledge.

> > 1- How can I make my program to take root permision, you now, a text box
> > asking for password....
> > But I have no idea of how to make the program become root.
> 
> I am unfortunately unable to come up with a good answer here that doesn't
> sound like "if you can't figure this out yourself, you shouldn't be writing
> code that runs as root".
> 
> At a minimum, read Henry Spencer's very old but still applicable manpage on
> writing setuid code:
> 
> http://wwwlistbox.cern.ch/earchive/hep-proj-grid-wp4-lcfg/msg00324.html
-- 
The chains are broken and the door is open wide
Our eyes adjusting to the light that was denied
And the voices ringing out now
Sing of freedom
And bring a sense of wonder

	http://www.es.debian.org/intro/about.es.html




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]