[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] root-uid: new module
|
From: |
Eric Blake |
|
Subject: |
Re: [PATCH] root-uid: new module |
|
Date: |
Tue, 26 Jun 2012 18:01:23 -0600 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1 |
On 06/26/2012 05:49 PM, Paul Eggert wrote:
> /* The super-user can read and write any file, and execute any file
> that anyone can execute. */
> - if (euid == 0 && ((mode & X_OK) == 0
> - || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
> + if (euid == ROOT_UID
> + && ((mode & X_OK) == 0
> + || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
Rather than forcing comparison to a single value, would it be better to
have a function is_privileged_uid(euid)? That's because on Cygwin, the
Administrator group is typically equated with root privileges, but while
there is just one well-known gid for the Administrator group, it is
feasible to have a system with multiple uids all belonging to that group
and thus all having equal root privileges.
On traditional Unix systems, you would have:
bool is_privileged_uid (uid_t id) { return !id; }
On Tandem, you would have:
bool is_privileged_uid (uid_t id) { return id == ROOT_UID; }
and on Cygwin, you would have:
bool is_privileged_uid (uid_t id) {
/* some function call that determines if id has admin privileges,
although I don't know off-hand what it would look like */
}
--
Eric Blake address@hidden +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature