[COLUG] How Does Linux Security Work?
Brett Stauffer
brett at bnbstauffer.net
Fri Aug 3 10:04:25 EDT 2007
On Thu, 2007-08-02 at 20:15 -0400, Brian Miller wrote:
> If you really want all the gory details, you could look at the source code
> for "su" and see what calls that program makes, since the whole purpose
> of "su" is to assume the user ID and permissions of another user.
It's really not all that gory. Gaining privileges of another user
requires a setuid() system call. The "guts" of the "su" command is
here:
if (setuid (pw->pw_uid))
error (EXIT_FAIL, errno, _("cannot set user id"));
The remainder of the code simply ensures that you have permission to
make this system call.
Apart from validating permission in a different manner, "sudo" probably
operates in a similar fashion.
--brett
More information about the colug432
mailing list