Loading ...
Sorry, an error occurred while loading the content.

6185Re: "ocaml_beginners"::[] Permissions and processes

Expand Messages
  • Richard Jones
    Jul 2 10:46 AM
    • 0 Attachment
      On Sun, Jul 02, 2006 at 02:19:15PM -0000, roparzhhemon wrote:
      > My question is : can you create within Ocaml a function
      >
      > execute_with_perm : string->string->process_status
      >
      > (in the vein of Unix.system)
      >
      > such that
      >
      > execute_with_perm comm passwd
      >
      > executes the command comm, providing the
      > password passwd to gain the right to do it ?
      >
      > For example,
      >
      > execute_with_perm "sudo doSomethingDangerous" "abracada"
      > would allow the (currently logged) user whose passwd is "abracada" to execute
      > the command "doSomethingDangerous".

      This is a general Unix question, and nothing particular to OCaml.

      It looks like you need to investigate the '-S' option to sudo. You
      can run 'sudo -S doSomethingDangerous' using the Unix.open_process_out
      function, then send the password to sudo over the channel.

      Other options include having a setuid executable or a daemon to manage
      the transition between users, but unless you know what you're doing,
      you will probably end up just adding a security hole to the system.

      Rich.

      --
      Richard Jones, CTO Merjis Ltd.
      Merjis - web marketing and technology - http://merjis.com
      Team Notepad - intranets and extranets for business - http://team-notepad.com
    • Show all 4 messages in this topic