Subject: Re: open_as vs fuid
To: Todd Vierling <tv@wasabisystems.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 11/05/2000 21:17:11
On Sun, Nov 05, 2000 at 07:47:04PM -0500, Todd Vierling wrote:
> 
> Has ANYONE in this thread considered that we already have a possibly more
> secure mechanism for this, that could be combined simultaneously with
> authentication for use by a non-suid program?
> 
> See unix(4) and its description of passing fd's via a "cmsghdr".

Uh, hello, that's *exactly* what I've been proposing all along: exec
a small program that only your program can run (because it's group-execute
only, and your program's setgid that group) that is setuid root; the small,
easily verified program gets the descriptor you want and passes it back to
you.