Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (6)
to General by Kalatti - 4 days, 4 hrs ago -
Full linux distros on Sailfish OS (253)
to SailfishOS by qoh - 6 days, 22 hrs ago - more...
 |
|
2015-02-03
, 09:47
|
|
Posts: 6,436 |
Thanked: 12,699 times |
Joined on Nov 2011
@ Ängelholm, Sweden
|
#2
|
use suid bit and setuid(0) in main
https://github.com/CODeRUS/powermenu...menu.spec#L101
https://github.com/CODeRUS/powermenu...c/main.cpp#L54
https://github.com/CODeRUS/powermenu...menu.spec#L101
https://github.com/CODeRUS/powermenu...c/main.cpp#L54
| The Following 4 Users Say Thank You to coderus For This Useful Post: | ||
|
|
2015-02-03
, 09:54
|
|
Posts: 188 |
Thanked: 308 times |
Joined on Jan 2013
@ UK
|
#3
|
Schturman has a number of applications that simply start others as root (see https://openrepos.net/user/365/programs?page=0%2C0 ). I don't know where the source code is, but it suggests to me that there's a generic way to package it.
EDIT: beaten to it.
EDIT: beaten to it.
|
|
2015-02-03
, 09:54
|
|
Posts: 3 |
Thanked: 0 times |
Joined on Feb 2015
|
#4
|
Originally Posted by coderus
I must be honst, I'm a fairly inexperienced in this, so please forgive me if my questions appear trival to you: Basically that would be the same as using chmod from the command line, wouldn't it?
use suid bit and setuid(0) setgid(0) in main
Would this privilege evelation be that simple for every program on warehouse?
Since not the whole app would use, just some parts of it, could I get evelated privileges just for the critical parts and run the other code as normal user?
Edit: Remarking your edit: WOW! Thank you, that helped a lot! So for the critical code, I'd use this in the beginning. Dropping privileges would be setuid(1)?
Last edited by auRatoh6oo; 2015-02-03 at 10:00.
|
|
2015-02-03
, 10:02
|
|
Posts: 6,436 |
Thanked: 12,699 times |
Joined on Nov 2011
@ Ängelholm, Sweden
|
#5
|
Originally Posted by auRatoh6oo
basically you shouldn't setuid in runtime. you making some kind of helper binary which only doing some operations requires root privileges.
I must be honst, I'm a fairly inexperienced in this, so please forgive me if my questions appear trival to you: Basically that would be the same as using chmod from the command line, wouldn't it?
Would this privilege evelation be that simple for every program on warehouse?
Since not the whole app would use, just some parts of it, could I get evelated privileges just for the critical parts and run the other code as normal user?
Edit: Remarking your edit: WOW! Thank you, that helped a lot! So for the critical code, I'd use this in the beginning. Dropping privileges would be setuid(1)?
and sure, 4755 in spec file is same to chmod
| The Following User Says Thank You to coderus For This Useful Post: | ||
|
|
2015-02-03
, 10:05
|
|
Posts: 3 |
Thanked: 0 times |
Joined on Feb 2015
|
#6
|
Originally Posted by coderus
Ah, I see, thank you!
basically you shouldn't setuid in runtime. you making some kind of helper binary which only doing some operations requires root privileges.
and sure, 4755 in spec file is same to chmod
I toyed with the idea of developing a small app, which might require root privilege. It wouldn't be a problem if I only did this for myself and echo my root password to devel-su. Since this is not really practical if I'd share the application on Warehouse, I'm in search for a better solution.
Best Regards
Last edited by auRatoh6oo; 2015-02-03 at 10:06.