granting privilege in a control environment
Benson I. Margulies
benson at odi.com
Thu Jun 6 21:04:04 AEST 1991
That's not how it works. What you want to do is write a setuid root
program that is willing to load kernel extensions. It would be most
unwise to just pass any old pathname along to sysconfig, unless yours
users are utterly trustworthy. I'd do the following:
create /usr/local/kx, mode 755, root owned.
install users kernel extension binaries into there after auditing the
code.
write a setuid root program that took a name, and looked for
/usr/local/kx/NAME.ext, and loaded that iff it wasn't already loaded.
--
Benson I. Margulies
More information about the Comp.unix.aix
mailing list