[mdlug] How can I set up a process initiated by another user to execute as my user ID?
David Lee Lambert
as4109 at wayne.edu
Mon Apr 23 19:26:09 EDT 2007
On Sun, 2007-04-22 at 21:31 -0400, Fati wrote:
> On 4/16/07, Aaron Kulkis <akulkis3 at hotpop.com> wrote:
> > gib at juno.com wrote:
> > >
> > >
> > > How can I set up a process initiated by another user to execute as my
> > > user ID?
> > >
> > > I have a process that logs into an ftp server with my user ID and my
> > > password but I don't want to provide my password to someone else. How
> > > can I allow someone else to execute this process?
> > >
> >
> > I'm assuming that it's compiled code, and not a shell script.
> >
> > If so, just make sure that YOU are the owner of the executable,
> > and then use chmod to set the "set User ID" (setuid) bit. [...]
> > > Alternatively, can I set up a process that will be able to read the
> > > password from a secure location without the user seeing it?
> > Yes, same way.
> 4751 might be even better. If the world has read permissions on the
> binary, they may be able to find it as easily as running strings on
> the binary. In either case hard coding it period, even with a
You don't have to put the password in the binary:
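#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <unistd.h>   /* geteuid() */
#include "my_id_constants.h"

int main()
{
    if (TARGET_UID != geteuid()) {
        fprintf(stderr, "This program must be setuid %d to function properly\n",
                TARGET_UID);
        exit(1); }
    FILE *f = fopen("/path/to/some/file", "r"); /* a mode-600 file */
    if (f == NULL) { perror("fopen password file"); exit(1); }
    char password[9]; password[0] = 0;
    /* read up to 8 printable, non-space characters after "pass=" */
    if (fscanf(f, "pass=%8[!-~]", password) != 1) {
        fprintf(stderr, "no pass= entry found\n");
        exit(1); }
    fclose(f);
    FILE *p = fopen("/path/to/safe/sock/to/ftp/process", "w");
    if (p == NULL) { perror("fopen ftp process socket"); exit(1); }
    fprintf(p, "%s\n", password);
    fclose(p);
    /* the C standard says no return-value means 0 */
}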
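An added example, not part of the original post: a setuid helper can verify that the "mode-600 file" really is private (regular file, expected owner, no group/other bits) before trusting its contents. The function name, buffer sizes and messages are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the post): copy the value of a "pass=" line
 * into out, but only if path is a regular file owned by owner with no
 * group/other permission bits. Returns 0 on success, -1 otherwise. */
int read_private_password(const char *path, uid_t owner, char *out, size_t outlen)
{
    struct stat st;
    char line[128];
    FILE *f;
    int ok = -1, fd;

    if (outlen == 0) return -1;
    out[0] = '\0';
    /* O_NOFOLLOW: refuse a symlink at the final path component. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    /* fstat() the descriptor so the checks apply to the file actually opened. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0 || (f = fdopen(fd, "r")) == NULL) {
        close(fd);
        return -1;
    }
    if (fgets(line, sizeof line, f) != NULL && strncmp(line, "pass=", 5) == 0) {
        line[strcspn(line, "\r\n")] = '\0';
        size_t n = strlen(line + 5);
        if (n > 0 && n < outlen) { memcpy(out, line + 5, n + 1); ok = 0; }
    }
    fclose(f);   /* also closes fd */
    return ok;
}

int main(int argc, char **argv)
{
    char pw[64];
    /* geteuid() is the file owner's uid when the binary runs setuid to them. */
    if (argc != 2 || read_private_password(argv[1], geteuid(), pw, sizeof pw) != 0) {
        fprintf(stderr, "credential file missing, not private, or malformed\n");
        return 1;
    }
    puts("credential file accepted");
    return 0;
}
```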