In messge <199608301130.MAA04777_at_cableol.net> Alan Cox <coxa_at_cableol.net> writes
on the topic of general users running scripts as root to be able to
change passwords or whatever...
>If you want to do this right, use something like sudo that is basically
>safe or read the security list stuff on writing secure setuid application
>things. That generally means it needs to remove resource limits, clean
>the environment variables, set the signal handlers up nicely then use
>execle/execve to safely run the binary. I would recommend the latter path.
Does anyone have an example of something like the above? We are
looking at the possibillity of containg users in some sort of menu
system after they log on and being in a university environment we
know that every second student will be trying his/her best to break out
of it. The users wont need to run anything as root but we have to be
certain that they can't escape the menu.
I could do what Alan has suggested but I get the feeling I would
be inventing a wheel that has be invented many times before.
Any assistance would be greatly appreciated.
Cheers,
Martin Ryan
VMS Systems Administrator
RMIT, Melbourne, Australia
Received on Thu Sep 05 1996 - 03:50:43 NZST