Re: Need to run as setuid, please read before flaming
- From: "jeff rob" <jeffrobins747 hotmail com>
- To: gtkmm-list gnome org
- Subject: Re: Need to run as setuid, please read before flaming
- Date: Fri, 02 Dec 2005 10:58:57 -0800
I answered my own question.
It was hard to find the anwser, so I'm posting it here.
I found the information at http://lwn.net/Articles/122481/
To fix the problem, include
#include <sys/types.h>
#include <unistd.h>
using namespace std;
Use vfork() to run gtkmm as a different process, but with access to the same
data and pause the parent process until the child has finished. Use
setresuid() and setresgid() to set the UID's and GID's to match the real
UID. This also returns the forked process's privilages to the users and
thus closes the security hole.
pid_t pID = vfork(); //smarter fork, pauses parent process till done
if (pID == 0) // if child
{ //executed by child
setresuid(getuid(), getuid(), getuid()); //set all UID's
setresgid(getgid(), getgid(), getgid()); //set all GID's
//gtkmm stuff here
}
fork() can be used in place of vfork() to allow for simultanious usage of
the setuid process and the gtkmm process. The parent process has a
time-sensitive part, so I only want the gtkmm stuff running at certain
times.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
