From owner-freebsd-hackers Wed Nov 15 6:17:48 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from ringworld.nanolink.com (pool14-tch-1.Sofia.0rbitel.net [212.95.170.14]) by hub.freebsd.org (Postfix) with SMTP id 407C037B4CF for ; Wed, 15 Nov 2000 06:17:40 -0800 (PST) Received: (qmail 12765 invoked by uid 1000); 15 Nov 2000 14:13:16 -0000 Date: Wed, 15 Nov 2000 16:13:16 +0200 From: Peter Pentchev To: freebsd-hackers@freebsd.org Subject: changing a running process's credentials Message-ID: <20001115161316.C309@ringworld.oblivion.bg> Mail-Followup-To: freebsd-hackers@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG All right, feel free to flame me a LOT for what follows :) There are situations (at least I could think of some :) where it is necessary to change a running process's credentials. I'm thinking specifically of the effective UID and GID, but I might have to tinker with the real and saved UID's, too. As far as I can see, FreeBSD (nor any other Unix system I'm aware of) does not provide a way to do this (short of writing to /dev/kmem ;). If a new syscall should be implemented to this end, would it be enough to change a struct proc's p_cred member, its pc_ucred and such, or would that raise hell all over the process table? I see the comments mentioning 'possibly shared' credentials - does this mean that I can inadvertently change the credentials of a whole process children/siblings tree? That does not sound too good - how do I go about taking a single process's credentials out - just allocate a new pcred/ucred structure? And yes, I'm quite aware of the security implications of something like that.. let's just say I like playing with fire in a controlled environment :) (famous last words..) G'luck, Peter -- If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message