sudo closing file descriptors

Emil Isberg emil.isberg at mds.mdh.se
Tue Jul 29 20:28:00 EDT 2003


On Tue, 29 Jul 2003, Vaclav Dvorak wrote:
>I was trying to make a program that starts as normal user, creates a
>pair of pipes using pipe(2), then forks, passes the file descriptors in
>the environment and runs the second half of the program as root, using
>sudo. The two parts of the program were supposed to communicate through
>the pipes. I had my program perfectly working without sudo, but when I
>inserted sudo, the pipes got broken. :-(

This is a case when sudo is not the right tool for you...
But of course you can still use sudo... Just don't use pipes...

Open a (duplex) named socket instead and pass the opened (randomized)
socket as argument...


But to your questions... sudo is for user standalone applications...
Any opened pipes are evil per definition since no user should (or
would) open sockets for user-interactive programs before running them...

So what you should do is make one part setuid root (with checks so that
no evil user may run the program) and one part normal user...

Of course that depends on the environment that you're in, but I still think
that it's quite troublesome to mix in sudo inside the application.

-- 
I don't mind going nowhere as long as it's an interesting path.
		-- Ronald Mabbitt
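
The named-socket approach suggested in the reply, as an added C example that is not part of the original thread: the unprivileged side binds a Unix socket inside a freshly created, randomly named directory, and the helper reaches it by path alone, with no inherited descriptor. The `/tmp/sockdemo.*` path, the function names and the echo exchange are assumptions; the child connects directly where a real program would exec sudo with the path as an argument.

```c
#define _GNU_SOURCE  /* mkdtemp() under strict -std= modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
/* Helper side: in real use this runs under sudo and gets the path as argv[1]. */
static int helper_side(const char *path) {
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    char buf[64];
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(a.sun_path, path, sizeof a.sun_path - 1);
    if (s < 0 || connect(s, (struct sockaddr *)&a, sizeof a) < 0) return 1;
    ssize_t n = read(s, buf, sizeof buf);           /* request from the parent */
    return (n > 0 && write(s, buf, (size_t)n) == n) ? 0 : 1;  /* echo it back */
}

/* Unprivileged side: returns 0 and fills `reply` if the round trip worked. */
int socket_roundtrip(const char *msg, char *reply, size_t len) {
    char dir[] = "/tmp/sockdemo.XXXXXX";            /* assumed location */
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    int rc = -1, st = 0;
    if (!mkdtemp(dir)) return -1;                   /* random name, mode 0700 */
    snprintf(a.sun_path, sizeof a.sun_path, "%s/s", dir);
    int l = socket(AF_UNIX, SOCK_STREAM, 0);
    if (l >= 0 && bind(l, (struct sockaddr *)&a, sizeof a) == 0 && listen(l, 1) == 0) {
        pid_t pid = fork();
        if (pid == 0) {
            close(l);   /* the child keeps no descriptor from the parent */
            _exit(helper_side(a.sun_path));  /* real use: exec sudo with the path */
        }
        int c = pid > 0 ? accept(l, NULL, NULL) : -1;
        if (c >= 0) {
            ssize_t n = write(c, msg, strlen(msg)) < 0 ? -1 : read(c, reply, len - 1);
            if (n >= 0) { reply[n] = '\0'; rc = 0; }
            close(c);
        }
        if (pid > 0) waitpid(pid, &st, 0);
    }
    if (l >= 0) close(l);
    unlink(a.sun_path);                             /* remove the socket file */
    rmdir(dir);
    return (rc == 0 && st == 0) ? 0 : -1;
}

int main(void) { char r[32]; return socket_roundtrip("ping", r, sizeof r) || strcmp(r, "ping"); }
```

Because `mkdtemp` creates the directory with mode 0700, only the invoking user and root can reach the socket file inside it.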


