dynamic context transitions
Russell Coker
russell at coker.com.au
Mon Nov 8 14:39:23 GMT 2004
On Tuesday 02 November 2004 07:35, Luke Kenneth Casson Leighton
<lkcl at lkcl.net> wrote:
> > Is there any reason why smbd can't exec a simple helper application in
> > the required context which only does what needs to be done?
>
> no there is no reason why [a helper application should] not [be used].
>
> i am not sure if the simple solution [that andrew and russell
> came up with] was fully enumerated: it involves exec'ing a
> per-user helper application which does a setuid.
>
> the helper application opens files as-and-when they are needed,
> [and also does mkdirs? and rmdirs?] and then passes the file
Yes, it would also do mkdir, rmdir, link, unlink, rename, and symlink. For
best functionality it would do stat, but that would have performance issues
or require file handle caching code which would be more work to write and
maintain.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
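The per-user helper discussed in this message, as an added C sketch that is not code from the thread or from Samba. It assumes the truncated "passes the file" means handing the open descriptor back to the daemon over a Unix socket with SCM_RIGHTS. `helper` and `open_via_helper` are hypothetical names, and group changes and the SELinux context transition are left out.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper side (hypothetical): become the user, open the path, pass the fd back
 * as SCM_RIGHTS ancillary data (assumed mechanism, not stated in the thread). */
static void helper(int sock, uid_t uid) {
    char path[256], byte = 0;
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))] = {0};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof ctl };
    if (getuid() == 0 && setuid(uid) != 0) _exit(1);  /* only root can setuid */
    ssize_t n = read(sock, path, sizeof path - 1);
    if (n <= 0) _exit(1);
    path[n] = '\0';
    int fd = open(path, O_RDONLY);      /* permission check runs as the user */
    if (fd < 0) _exit(1);               /* daemon sees EOF and gets no fd */
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    _exit(sendmsg(sock, &msg, 0) == 1 ? 0 : 1);
}

/* Daemon side: start a helper for uid, ask for path, return the fd or -1. */
int open_via_helper(const char *path, uid_t uid) {
    int sv[2], fd = -1;
    char byte;
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof ctl };
    if (strlen(path) > 255 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); helper(sv[1], uid); }  /* helper never returns */
    close(sv[1]);
    if (send(sv[0], path, strlen(path), MSG_NOSIGNAL) > 0 && recvmsg(sv[0], &msg, 0) == 1) {
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
            memcpy(&fd, CMSG_DATA(c), sizeof fd);
    }
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return fd;
}
int main(void) { return open_via_helper("/", getuid()) < 0; }
```

Run unprivileged, the helper skips the setuid step and opens the path as the calling user; a failed open in the helper surfaces to the daemon as a return value of -1.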
More information about the samba-technical mailing list