Programmatically request elevated privileges on Linux

(This question has an identical title, but that question asks how to do it in a script, for example with su -c; do not mark this one as a duplicate of it.)

I have a Qt GUI application that needs to perform some file operations in /etc based on user input. One option would be to use system() with sudo, but even then you need to mess around with the sudoers file. I would also prefer not to use system() plus script hacks to modify files, but to do proper file operations.

What is the best way to programmatically elevate my apps for this?

Edit: as a bonus, it would be nice if it worked on Maemo / MeeGo / other handhelds (AFAIK PolicyKit is not available there...)

+4
3 answers

I would write a separate program altogether, following something like this philosophy. Basically, write a simple program that does exactly what you need, and control its behavior with permissions on the file system. Mainly:

Do as little as possible in setuid programs.

A setuid program must operate in a very dangerous environment: the user is in full control of its fds, args, environment, cwd, tty, rlimits, timers, signals, etc. Even worse, the list of controlled items varies from one UNIX vendor to the next, so it is very difficult to write portable code that cleans everything up.

Of the twenty most recent sendmail security holes, eleven worked only because the whole sendmail system is setuid.

Only one qmail program is setuid: qmail-queue. Its sole purpose is to add a new mail message to the outgoing queue.

And,

Do as little as possible as root.

The whole sendmail system runs as root, so there is no way that its errors can be caught by the operating system's built-in protections. In contrast, only two qmail programs, qmail-start and qmail-lspawn, run as root.

+4

You can use PolicyKit, which is gradually replacing gksu / su / sudo, especially on Ubuntu, because of its higher security and its fine-grained control: it elevates individual actions rather than the entire program.

+4
source

Create a setuid helper program that does just what you want to do, and fork/exec your application. Then drop privileges in the child process. Both applications could exchange data through pipes, sockets, or the like.

Keep in mind that setuid programs pose a security risk, so you must be very careful when implementing one.

+1
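
The following is an added example, not code from any of the answers: a sketch of the small setuid-root helper that the first and third answers describe. The allowlisted file names under /etc and the exit codes are assumptions made for illustration. It opens the one target file as root, drops privileges, and only then reads the new contents from stdin.

```c
#define _DEFAULT_SOURCE 1            /* glibc: setgroups(), clearenv() */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical allowlist: the only files under /etc this helper may rewrite. */
static const char *const ALLOWED[] = { "myapp.conf", "myapp-hosts.conf" };

/* Accept only a bare file name from the allowlist: no '/', no "..". */
int is_allowed_target(const char *name)
{
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return 0;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(name, ALLOWED[i]) == 0)
            return 1;
    return 0;
}

/* Permanently drop root: supplementary groups, then gid, then uid, then verify. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;   /* regaining root must fail */
}

int main(int argc, char **argv)
{
    char path[64], buf[4096];
    ssize_t n;
    if (clearenv() != 0)                 /* inherited environment is untrusted */
        return 2;
    if (argc != 2 || !is_allowed_target(argv[1]))
        return 3;
    snprintf(path, sizeof path, "/etc/%s", argv[1]);
    int fd = open(path, O_WRONLY | O_TRUNC | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)                          /* the single privileged operation */
        return 4;
    if (drop_privileges(getuid(), getgid()) != 0)   /* real ids = invoking user */
        return 5;
    while ((n = read(STDIN_FILENO, buf, sizeof buf)) > 0)  /* runs unprivileged */
        if (write(fd, buf, (size_t)n) != n)
            return 6;
    return (n == 0 && close(fd) == 0) ? 0 : 6;
}
```

The GUI application would fork/exec this helper and send the new file contents over a pipe connected to its stdin. Who may run the helper is controlled with file system permissions, for example owner root, a dedicated group, and mode 4750.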