[SCM] UID Wrapper Repository - branch master updated
Andreas Schneider
asn at samba.org
Sun Jan 19 12:23:20 MST 2014
The branch, master has been updated
via 3ded8a3 Update README.
from 307d1bb uwrap: Rename uwrap_enabled() to uid_wrapper_enabled().
http://gitweb.samba.org/?p=uid_wrapper.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3ded8a33bd70a97df3bfb551ac5da6a280a1945a
Author: Andreas Schneider <asn at cryptomilk.org>
Date: Sun Jan 19 20:23:01 2014 +0100
Update README.
-----------------------------------------------------------------------
Summary of changes:
README | 26 ++++++++++++++++++++++++--
1 files changed, 24 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/README b/README
index aac2285..6f19b38 100644
--- a/README
+++ b/README
@@ -1,8 +1,13 @@
UID wrapper library
====================
-This library intercepts seteuid and related calls, and simulates them
-in a manner similar to the nss_wrapper and socket_wrapper libraries.
+Privilege separation - Some projects like a file server need privilege
+separation to be able to switch to the connnection user and do file operations.
+uid_wrapper convincingly lies to the application letting it believe it is
+operating as root and even switching betwen uids and gids as needed.
+
+More precise this library intercepts seteuid and related calls, and simulates
+them in a manner similar to the nss_wrapper and socket_wrapper libraries.
This allows you to do user switching when testing e.g. file servers.
@@ -18,3 +23,20 @@ UID_WRAPPER_ROOT=1
If you set the environment variable to UID_WRAPPER_MYUID=1 before you call
geteuid() then it will return the real uid.
+
+To find out if uid_wrapper is enabled, we suggest to implment the following
+function in a library your application loads:
+
+int uid_wrapper_enabled(void)
+{
+ return 0;
+}
+
+Then you can use:
+
+if (uid_wrapper_enabled()) {
+ /* special uid_wrapper handling code */
+}
+
+uid_wrapper implements this funciton too and it will be loaded before your
+library gets loaded.
--
UID Wrapper Repository
More information about the samba-cvs
mailing list