Re: Must be root to patch the kernel


Subject: Re: Must be root to patch the kernel
From: Adrian Simmons (cerberus@aes.clara.co.uk)
Date: Sun Oct 01 2000 - 18:22:07 MDT


Christian Jaeger wrote:
> >Second problem : after booting my computer, I can't launch MOL without
> >being root, because it has to patch the kernel. It's only possible to
> >run MOL without being root later, after a first-run of MOL as root. Is
> >there any solution avoiding this condition ? Is this a security choice ?
>
> Save the following as root to /usr/local/bin/startmol:
>
> #!/usr/bin/perl -w
> %ENV=();
> $<=$>;
> exec '/usr/bin/startmol_original'
>
> then:
> chmod 755 startmol; chmod u+s startmol; mv /usr/bin/startmol /usr/bin/startmol_original
>
> This should not be a security problem. (except everybody is now able to
> start mol)

Another possibility, and one which I use, is the runsuid program. I found
it on Freshmeat (do a search), and it compiles happily on LinuxPPC.

You install runsuid, configure it and add a line to the startmol script.
The difference from the perl script above is that you can specify what
users you want to allow to start mol in the runsuid config file, thus
you can restrict access to mol whilst still starting it as non-root user
for yourself.

Adrian
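
Added example, not part of the original messages and not runsuid's code: a minimal setuid launcher in C that combines the two ideas in this thread, the environment and uid handling of the Perl wrapper and a per-user allowlist like the one described for runsuid. The allowlist path /etc/startmol.allow and its one-name-per-line format are assumptions made for this example; the target path is the one used in the thread.

```c
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define ALLOW_FILE "/etc/startmol.allow"        /* hypothetical path and format */
#define TARGET     "/usr/bin/startmol_original" /* path used in the thread */

/* 1 if `user` equals a whole line of `list` (one name per line;
 * blank lines and '#' comment lines never match). */
int user_allowed(const char *list, const char *user)
{
    size_t ulen = strlen(user);
    if (ulen == 0 || user[0] == '#') return 0;
    while (*list) {
        size_t len = strcspn(list, "\n");
        if (len == ulen && memcmp(list, user, len) == 0) return 1;
        list += len + (list[len] == '\n');
    }
    return 0;
}

int main(void)
{
    char buf[4096];
    char *clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    struct stat st;
    struct passwd *pw = getpwuid(getuid());  /* real uid identifies the caller */
    int fd = open(ALLOW_FILE, O_RDONLY);
    ssize_t n = -1;
    /* Fail closed: unknown caller, unreadable or oversized list, or a list
     * that is not root-owned or is group/world-writable all mean "denied". */
    if (pw && fd >= 0 && fstat(fd, &st) == 0 && st.st_uid == 0 &&
        !(st.st_mode & (S_IWGRP | S_IWOTH)))
        n = read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    if (n < 0 || n >= (ssize_t)sizeof buf - 1 ||
        (buf[n] = '\0', !user_allowed(buf, pw->pw_name))) {
        fputs("startmol: permission denied\n", stderr);
        return 1;
    }
    /* Same step as `$<=$>` in the Perl wrapper: real uid := effective uid. */
    if (setuid(geteuid()) != 0) { perror("setuid"); return 1; }
    /* Fixed environment instead of the caller's (the `%ENV=()` step). */
    execle(TARGET, TARGET, (char *)NULL, clean_env);
    perror("execle");
    return 1;
}
```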


