KernelNewbies
Revision 2 as of 2017-12-30 01:29:53
Impersonation functionality

Impersonation is a feature that allows temporary user switches at run time. UNIX has a similar feature, setuid (http://en.wikipedia.org/wiki/Setuid), but it requires a file system that supports the "chmod +s <file>" command, and every program that uses it must have the corresponding flag (+s) set.

Also, a setuid program can gain any privilege without even asking for a password. This is a security risk, and it would be good to have another mechanism for changing user privileges; impersonation is a good way to do it. Although we can emulate impersonation with the "su USER" command, that is not possible in some environments, such as web server CGI scripts.
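The setuid requirements described above (the +s flag on the program and a file system that honours it) can be checked per file when auditing a system. This is an added example, not code from this page or from the FreeBSD paper; the names `classify_suid` and `audit_suid` are hypothetical, and it assumes a POSIX system where `statvfs()` reports the `ST_NOSUID` mount flag.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

enum suid_state {
    SUID_ERROR = -1,    /* stat() or statvfs() failed */
    SUID_NOT_SET = 0,   /* not a regular file, or no +s flag */
    SUID_NOT_EXEC,      /* +s set, but no execute bit for anyone */
    SUID_NOSUID_MOUNT,  /* +s set, but the mount ignores it on exec */
    SUID_ACTIVE         /* exec switches the effective UID to the owner */
};

/* Pure decision logic, kept separate so it can be checked without files. */
enum suid_state classify_suid(mode_t mode, unsigned long mount_flags)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID))
        return SUID_NOT_SET;
    if (!(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return SUID_NOT_EXEC;
    if (mount_flags & ST_NOSUID)
        return SUID_NOSUID_MOUNT;
    return SUID_ACTIVE;
}

/* Look up the file mode and the flags of the file system it lives on. */
enum suid_state audit_suid(const char *path)
{
    struct stat st;
    struct statvfs vfs;

    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return SUID_ERROR;
    return classify_suid(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "not setuid", "setuid, not executable",
                                   "setuid ignored (nosuid mount)", "setuid active" };
    for (int i = 1; i < argc; i++) {
        enum suid_state s = audit_suid(argv[i]);
        if (s == SUID_ERROR)
            perror(argv[i]);
        else
            printf("%s: %s\n", argv[i], names[s]);
    }
    return 0;
}
```

Files reported as "setuid active" are the ones that switch user on exec without any password prompt, which is the risk the paragraph above describes.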

There is a good description of implementing impersonation in FreeBSD: http://www.makefile.com/files/uimp.pdf. It could be taken as the basis for adding an impersonation feature to the kernel.

Difficulty: 7

Contact: Alex (dot) Slesarev (at) gmail.com


CategoryKernelProjects
