Date:      Wed, 15 Nov 2000 10:15:51 -0700
From:      Warner Losh <imp@village.org>
To:        Peter Pentchev <roam@orbitel.bg>
Cc:        Alfred Perlstein <bright@wintelcom.net>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: changing a running process's credentials 
Message-ID:  <200011151715.KAA56762@harmony.village.org>
In-Reply-To: Your message of "Wed, 15 Nov 2000 19:01:35 +0200." <20001115190135.E309@ringworld.oblivion.bg>
References:  <20001115190135.E309@ringworld.oblivion.bg>  <20001115161316.C309@ringworld.oblivion.bg> <20001115084722.I29448@fw.wintelcom.net> 

In message <20001115190135.E309@ringworld.oblivion.bg> Peter Pentchev writes:
: Hmm..  I've also received two private mails so far, pointing me to setuid().
: The problem is, I want to force a new UID on *another* process without
: its knowledge.  setuid() only works on the process invoking it, so
: both the 'force' and the 'without its knowledge' part fall by the wayside :(

I think the reaction to this by the security officer team would be
	a) extreme
and	b) negative.

The security implications are huge.

: The security implications I meant have to do with the ability to provide
: either a tool or a sysctl to change the uid of any running process
: on the system - that would have to include stringent controls on exactly
: who and why uses this tool/sysctl.  I have some ideas about this,
: but they need some more grinding before they're ready to be tossed
: at the world for discussion (and dissing ;)

I'd make it a full syscall, not just a sysctl.  I'd also make sure
that only root and nobody else could use it.

Maybe I should back up a step and ask what it is you are trying to
accomplish here.

Warner

