Programmatically request elevated privileges in Linux

Posted 2024-09-19 09:41:50

(This question has an identical title, but its body asks from a scripting point of view, e.g. su -c; don't dupe this to that.)

I have a Qt GUI app that needs to perform some file operations in /etc based on user input. One option would probably be to use system() with sudo, but even that requires messing with the sudoers file at some point. I also would not like to do system() plus script hacks to modify the files, but proper file operations.

What is the best way to programmatically elevate my application's rights to do this?

Edit: as a bonus, it'd be nice if it would work on Maemo/Meego/other handhelds too (afaik PolicyKit isn't available there..)

Comments (3)

婉儿 2024-09-26 09:41:50

I would write a separate program altogether. Something along the lines of this philosophy. Basically - write a simple program that does exactly what you need, and control its behaviour with file permissions on the filesystem. Mainly,

Do as little as possible in setuid programs.

A setuid program must operate in a very dangerous environment: a user is under complete control of its fds, args, environ, cwd, tty, rlimits, timers, signals, and more. Even worse, the list of controlled items varies from one vendor's UNIX to the next, so it is very difficult to write portable code that cleans up everything.

Of the twenty most recent sendmail security holes, eleven worked only because the entire sendmail system is setuid.

Only one qmail program is setuid: qmail-queue. Its only purpose is to add a new mail message to the outgoing queue.

And,

Do as little as possible as root.

The entire sendmail system runs as root, so there's no way that its mistakes can be caught by the operating system's built-in protections. In contrast, only two qmail programs, qmail-start and qmail-lspawn, run as root.

我们的影子 2024-09-26 09:41:50

You could use PolicyKit, which is gradually superseding gksu/su/sudo, especially on Ubuntu, for its higher security and fine-grained control, because it elevates actions rather than the whole program.

山色无中 2024-09-26 09:41:50

Create a helper setuid program that does only the things you want to do, and fork/exec your application from it. Then drop privileges in the child process. Both applications could communicate over pipes, sockets, or something like that.

Keep in mind that setuid programs are a security risk, so you should be very careful when implementing one.
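The helper-process design described in the first and third answers (a small setuid helper that does only the requested operations, with the application running unprivileged and talking to it over a pipe) is sketched below as an added example written for this page; it is not code from the question, from the answers, or from qmail. The /etc/myapp/ directory, the two-file allow-list, the line-oriented "OK"/"DENIED" protocol and all function names are constructed assumptions. The two points it demonstrates are the ones the answers stress: the privileged side accepts only an exact allow-list of targets, and the unprivileged child drops root in the correct order and then verifies the drop.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed allow-list: the only files this hypothetical helper will touch. */
static const char *const ALLOWED_FILES[] = {
    "/etc/myapp/config",
    "/etc/myapp/hosts.allow",
};

/* 1 if path is exactly one of the allowed files, else 0.  Exact comparison
 * (not a prefix check) rejects "/etc/myapp/../passwd" by construction. */
int helper_request_allowed(const char *path)
{
    if (path == NULL)
        return 0;
    for (size_t i = 0; i < sizeof ALLOWED_FILES / sizeof ALLOWED_FILES[0]; i++)
        if (strcmp(path, ALLOWED_FILES[i]) == 0)
            return 1;
    return 0;
}

/* Permanently drop to uid/gid: supplementary groups, then gid, then uid (once
 * the uid is non-root the earlier calls would fail).  0 on success, -1 on
 * failure.  The setuid(0) probe catches an incomplete (seteuid-only) drop. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* must fail after a real drop */
        return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Read one line from fd into buf, newline stripped; length or -1 on error. */
static ssize_t read_line(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    ssize_t r = 1;
    char c;
    while (n + 1 < cap && (r = read(fd, &c, 1)) == 1 && c != '\n')
        buf[n++] = c;
    buf[n] = '\0';
    return r < 0 ? -1 : (ssize_t)n;
}

/* Helper side: read one requested path, answer "OK" or "DENIED".  Returns 1 if
 * allowed, 0 if denied, -1 on I/O error.  A real helper would perform the
 * privileged file operation here, only in the allowed case. */
int helper_serve_once(int req_fd, int resp_fd)
{
    char path[256];
    if (read_line(req_fd, path, sizeof path) <= 0)
        return -1;
    int ok = helper_request_allowed(path);
    const char *reply = ok ? "OK\n" : "DENIED\n";
    return write(resp_fd, reply, strlen(reply)) < 0 ? -1 : ok;
}

/* Fork: the parent plays the (setuid) helper, the child drops privileges and
 * sends one request over a pipe pair.  Returns the child's exit status:
 * 0 = allowed, 1 = denied, 2 = child-side failure; -1 on a parent error. */
int demo_roundtrip(const char *request)
{
    int to_helper[2], from_helper[2], status = 0;
    if (pipe(to_helper) != 0 || pipe(from_helper) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: drop to the invoking user's real ids (a no-op when the
         * helper is not actually setuid, but the verification still runs). */
        close(to_helper[0]); close(from_helper[1]);
        if (drop_privileges(getuid(), getgid()) != 0)
            _exit(2);
        if (write(to_helper[1], request, strlen(request)) < 0 ||
            write(to_helper[1], "\n", 1) < 0)
            _exit(2);
        char reply[16];
        if (read_line(from_helper[0], reply, sizeof reply) <= 0)
            _exit(2);
        _exit(strcmp(reply, "OK") == 0 ? 0 : 1);
    }
    close(to_helper[1]); close(from_helper[0]);   /* parent: helper side */
    helper_serve_once(to_helper[0], from_helper[1]);
    close(to_helper[0]); close(from_helper[1]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Calling demo_roundtrip("/etc/myapp/config") returns 0 and demo_roundtrip("/etc/hostname") returns 1; both work as an ordinary user because dropping to your own uid is always permitted, while the setuid(0) probe inside drop_privileges only passes if root really is gone. Turning this into a deployed helper means installing the binary setuid root with a restrictive group and mode so only the application's users can invoke it, and, as the quoted qmail text warns, clearing the environment, closing inherited descriptors and resetting signal dispositions before doing anything privileged.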
