Let me elaborate a little: I figure I can just call the
GETPRIVMODE/GETUSERMODE around the code something like:
    /*
     * Change UID/GID here so that the following tests work over NFS.
     *
     * Initialize the group access list for the target user,
     * and setgid() to the target group. If unsuccessful, error out.
     */
    #if defined(MPE)
        GETPRIVMODE();    /* MPE intrinsic: enter privileged mode */
    #endif
    if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0))
    {
        log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
        exit(109);
    }
    /*
     * setuid() to the target user. Error out on fail.
     */
    if ((setuid(uid)) != 0) {
        log_err("emerg: failed to setuid (%ld: %s)\n", uid, cmd);
        exit(110);
    }
    #if defined(MPE)
        GETUSERMODE();    /* MPE intrinsic: return to user mode */
    #endif
...but this seems a little too quick-and-dirty.
Shouldn't I put some status-checking code in here to make sure we got
into/out of PRIVMODE OK?
Thanks!
Curtis
>>> Curtis Larsen 08/08/2001 12:20:58 PM >>>
Yep... still plugging nickels into this particular gumball machine.
I'm (finally) at the point where I can test suEXEC for real, but I know
it needs to be modified to use GETPRIVMODE / GETUSERMODE GETUID and
SETUID (as well as live in MPE namespace). Sooooo... where can I find
the delightful details on calling these functions to wrap the following
GNU C code?
    /*
     * Change UID/GID here so that the following tests work over NFS.
     *
     * Initialize the group access list for the target user,
     * and setgid() to the target group. If unsuccessful, error out.
     */
    if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0))
    {
        log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
        exit(109);
    }
    /*
     * setuid() to the target user. Error out on fail.
     */
    if ((setuid(uid)) != 0) {
        log_err("emerg: failed to setuid (%ld: %s)\n", uid, cmd);
        exit(110);
    }
Thanks!
Curtis
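
An added example, not part of the original post and not suEXEC or MPE code: one way to put status checks on both ends of the privilege bracket and to make sure privileged mode is left on the setgid/setuid failure paths as well. The enter_priv/leave_priv hooks are hypothetical stand-ins for wrappers around GETPRIVMODE/GETUSERMODE assumed to return 0 on success, exit codes 111/112 are constructed, and the identity calls are function pointers with constructed test doubles so the control flow runs without privilege.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
/* Hypothetical hooks (not MPE's API): enter_priv/leave_priv stand in for
 * wrappers around GETPRIVMODE/GETUSERMODE that return 0 on success. */
struct priv_ops {
    int (*enter_priv)(void), (*leave_priv)(void);
    int (*set_gid)(gid_t), (*init_groups)(const char *, gid_t);
    int (*set_uid)(uid_t);
};

/* Returns 0, or the exit code the caller should use: 109/110 as in the
 * posted code, 111/112 (constructed) when the bracket itself fails. */
int switch_identity(const struct priv_ops *ops, const char *uname,
                    uid_t uid, gid_t gid)
{
    int rc = 0;
    if (ops->enter_priv() != 0)
        return 111;                      /* never privileged: stop here */
    if (ops->set_gid(gid) != 0 || ops->init_groups(uname, gid) != 0)
        rc = 109;
    else if (ops->set_uid(uid) != 0)
        rc = 110;
    /* Leave privileged mode on every path, including the failures above. */
    if (ops->leave_priv() != 0 && rc == 0)
        rc = 112;
    return rc;
}

/* Constructed test doubles: record the call order, fail one chosen step. */
static char trace[16], fail_at;
static int step(char c) { trace[strlen(trace)] = c; return c == fail_at ? -1 : 0; }
static int f_enter(void) { return step('P'); }
static int f_leave(void) { return step('U'); }
static int f_gid(gid_t g) { (void)g; return step('g'); }
static int f_grp(const char *u, gid_t g) { (void)u; (void)g; return step('i'); }
static int f_uid(uid_t u) { (void)u; return step('u'); }
const char *run_failing(char which, int *rc)
{
    const struct priv_ops ops = { f_enter, f_leave, f_gid, f_grp, f_uid };
    memset(trace, 0, sizeof trace);      /* all zeros keeps trace terminated */
    fail_at = which;
    *rc = switch_identity(&ops, "www", 1001, 1001);  /* constructed ids */
    return trace;
}
int main(void)
{
    int rc;
    const char *calls = run_failing('u', &rc);   /* the setuid step fails */
    printf("calls=%s rc=%d\n", calls, rc);       /* leave_priv still ran */
    return 0;
}
```

The caller logs and calls exit() with the returned code only after switch_identity() has returned, so no error path exits while still privileged.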
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *