[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: program that runs a given command under a given gid
From: |
Jann Horn |
Subject: |
Re: program that runs a given command under a given gid |
Date: |
Sat, 26 May 2012 15:36:05 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Sat, May 26, 2012 at 03:10:02PM +0200, Bruno Haible wrote:
> 1) Scan the source code and add, after every file creation via
> open() or fopen() or shell redirections etc. a
> "chgrp $g $file && chown g+w $file" action.
> The first approach is not realizable if the program is large or not free.
> Whereas with the second approach there is the problem that setgid()
> and setregid() are not allowed to normal users, *even* if they are
> members of the target group.
As long as that program doesn't use syscalls directly and uses the libc
instead, you should be able to shim in a custom open() using LD_PRELOAD or so,
right?
pgpBTuiK6WLBg.pgp
Description: PGP signature