|
Click to See Complete Forum and Search --> : Need user to be able to run insmod/rmmod --how? suid?? kuber 10-02-2001, 08:16 PM I would like users to be able to run insmod and rmmod. How can I do this? Do I need to make insmod/rmmod suid? Does this just mean that while running the command the user has root permissions? If so, how can I set this up? Thanks, Kuber error27 10-02-2001, 11:27 PM You could use sudo. But out of curiosity, why would you want this? There is almost certainly a better way. The Anti-Void 10-02-2001, 11:29 PM As root use this command: chmod 4755 /sbin/insmod /sbin/rmmod This will set the binaries as suid root. A normal user should be able to use them now. This is most likely a horrible security risk though. kuber 10-03-2001, 12:32 AM Why would this be a sec risk? Sure, someone could turn off my soundcard, but they couldn't do anything serious to my system, right? bdl 10-03-2001, 01:39 AM Originally posted by kuber: <STRONG>Why would this be a sec risk? Sure, someone could turn off my soundcard, but they couldn't do anything serious to my system, right?</STRONG> Giving ANY user access to change the kernel is a big no-no. This is one way people get rooted. Use sudo. Craig McPherson 10-03-2001, 01:48 AM It would take five minutes to write a kernel module that would say "give root to user #212" or whatever. Users would be able to selectively modify any part of the kernel at will, giving themselves full root authority, giving themselves raw access to the disk device ... anything. The kernel is the very core of the OS, and all other security is based on the assumption that the kernel is secure. With access to the kernel, a person has access to literally everything else. kuber 10-03-2001, 02:32 AM I see. Thanks for the explanation Craig. kuber 10-03-2001, 02:41 AM One last q- Can you just make a module and run it on any kernel? I always thought you had to compile the kernel, make/install the modules and those were the only ones that would work. You could actually add a new module and use it? Thanks, kuber Craig McPherson 10-03-2001, 02:48 AM Assuming the module is compatible with the kernel (a module written for kernel 2.2 is very likely not to work with 2.4), it doesn't matter. The whole point of modules is that they're modular -- if you had to recompile the kernel to add a module, that would rather defeat the purpose of modules to begin with. kuber 10-03-2001, 02:55 AM Hmm.. Looks like I will just make these features built-in. Thanks justlinux.com
Copyright Internet.com Inc. All Rights Reserved. |
|