[NCLUG] Need to write to non-owned file
Stephen Warren
swarren at wwwdotorg.org
Fri May 11 18:12:21 MDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
bsimpson at att.net wrote:
> I am writing a C++ application that must read a file, alter it,
> then write it back out. This file may be owned by another user,
> and be writable only by that user. In this case I display a
> popup to enter that user's password. Once I have that password,
> how do I write to that user's file? In a shell environment, it's
> easy to switch users. I need to do that within an application.
The answer is that you don't actually want to do this. Really. It's
going to be a *huge* security hole.
Consider the case where the user of your application tricks your program
into editing /etc/passwd or something like that.
Equally, you probably don't want your program to read the user's
password and authenticate the user; it's a pain. It would require (at
least part of) your program running as root, calling a bunch of complex
APIs like setuid/seteuid/setgid/setegid, and probably a bunch of other
complex stuff.
Instead, you're probably better off spawning a copy of su/sudo/login
(possibly within a spawned xterm etc. if it's a GUI app) and having that
prompt the user for the password, and running a command to write/edit
the file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGRQZlhk3bo0lNTrURAs/UAKCwrhhwEsnK1Ty8/BTYEK1Uak2uMQCgomR1
PHAc3quIrhYboG5IZ8JkaYc=
=72f9
-----END PGP SIGNATURE-----
More information about the NCLUG
mailing list