> > I have one more specific question regarding daemons that take > authentication, and switch to another uid. For something > like a telnetd, > or sshd that uses PAM.... in order to drop to a shell as the > uid of the > authenticated user, do they really need root? If you have the > authentication information for the user, then you could call > the system > call equivalent of su, right? So the daemon is actually going after a > privilege gain rather than a drop, because it starts as some > account that > can really only bind a special port. > Apart from the fact that "su" is setuid root in order to achieve this? AFAIK, the ONLY way to become a different user under Unix is if root says you can. Either via a suid root binary ("su"), or a service/daemon running as root, e.g. telnet, sshd, rshd, etc. I suspect this is essentially the same under NT/2000 as well. It may be possible to code a limited "getprivs" program analogous to su, that would return the "privileges" of the user credentials supplied. Something like sshd's privsep code, where a limited root process simply validates authentication credentials, and returns a "user owned" token that allows them to do what they need to. e.g. a user owned fd, or pty, or whatever. Well, it looks like I was talking rubbish. Even under sshd's privsep, the privileged ssh daemon still forks a user owned process. I don't see a clean interface to this that could be used by arbitrary processes. See http://www.citi.umich.edu/u/provos/ssh/privsep.html It sounds to me like we want something like "sudo" for applications . . . Rogan
This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 08:59:09 PDT