impersonating ruby

Robert K.

Hi,
can I somehow change a ruby interpreter's uid from 0 to something and
then back again?

I intend to write a little program, which traverses all users dirs and
'executes' whatever a user has written in his conf-file but in the
context of the corresponding user.

What is the ruby method to accomplish that?

Reinvoking my script?
 
Ara.T.Howard

> Date: Fri, 06 Feb 2004 00:30:25 +0100
> From: Robert K. <[email protected]>
> Newsgroups: comp.lang.ruby
> Subject: impersonating ruby
>
> Hi,
> can I somehow change a ruby interpreter's uid from 0 to something and
> then back again?
>
> I intend to write a little program, which traverses all users dirs and
> 'executes' whatever a user has written in his conf-file but in the
> context of the corresponding user.
>
> What is the ruby method to accomplish that?
>
> Reinvoking my script?

it's tricky. you need a setuid binary (cannot be a script). to accomplish
something very similar to this i had created a c program that runs ruby as
another user (backend db updates for web processes). it's not _exactly_ what
you want since it runs as a specific user, but it's a very simple (dangerous)
c program which you could modify to accomplish this. keep in mind that, once
you setuid to a non-privileged user you can't get back! i think you may be
able to get around this by fork/exec'ing somehow - but perhaps not.

the best way might be to crawl the dirs using one script (privileged for read
access) and then launch one as a child process for each user dir...

get it from

http://raa.ruby-lang.org/list.rhtml?name=setuidruby

-a
 
Mark Hubbart

> Hi,
> can I somehow change a ruby interpreter's uid from 0 to something and
> then back again?

I may be wrong, but I think you can't do this in pure ruby. You'll need
outside utils of some sort.

> I intend to write a little program, which traverses all users dirs and
> 'executes' whatever a user has written in his conf-file but in the
> context of the corresponding user.
>
> What is the ruby method to accomplish that?
>
> Reinvoking my script?

I would do something like this:

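if Process.uid == 0
  # find each conf file and, with `username` and `filename` set for it,
  # run this script again as that user.
  # The argument-list form of system bypasses the shell, so a filename
  # with spaces or shell metacharacters is passed through unchanged.
  system("sudo", "-u", username, File.expand_path($0), filename)
else # it's not root; then you need to parse the conf file
  # get the filename (shift removes and returns the first argument)
  filename = ARGV.shift
  # process the file...
end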

This is, of course, assuming that you are on a *nix based system.

cheers,
mark
 
Robert K.

OK, it could have been so easy by just trying it out:

With Process.uid a script can change and read its uid as it likes to.
If ruby has uid=0, there are no borders. The script gets up and down
to 0 again. Else the script is forbidden to change to 0.
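
An added example, not code from any post in this thread: the "one child process per user dir" approach suggested above, written in pure Ruby with a permanent privilege drop inside each forked child, so the root parent never has to switch back. The method names (`drop_privileges!`, `run_as`, `process_user_confs`) and the `conf_name` parameter are assumptions made for illustration.

```ruby
require "etc"
# Added example; method names and conf_name are illustrative assumptions.
# Permanently become account `pw` (Etc::Passwd or any object with name/uid/
# gid/dir). Order matters: groups and gid first, the uid last.
def drop_privileges!(pw)
  return if Process.uid == pw.uid && Process.euid == pw.uid # already that user
  raise "only root can switch to #{pw.name}" unless Process.euid.zero?
  Process.initgroups(pw.name, pw.gid)
  Process::GID.change_privilege(pw.gid)
  Process::UID.change_privilege(pw.uid)
  begin
    Process::UID.change_privilege(0) # must fail if the drop is permanent
  rescue Errno::EPERM
    return
  end
  raise "privilege drop was reversible, refusing to continue"
end

# Run the block in a forked child that has dropped to `pw`; the parent keeps
# its own uid and gets back [success?, text the block returned or the error].
def run_as(pw)
  rd, wr = IO.pipe
  pid = fork do
    rd.close
    begin
      drop_privileges!(pw)
      wr.write(yield.to_s)
      exit!(0)
    rescue StandardError => e
      wr.write("#{e.class}: #{e.message}")
      exit!(1)
    end
  end
  wr.close
  out = rd.read
  rd.close
  _, status = Process.wait2(pid)
  [status.success?, out]
end

# The loop from the thread: one child per account. The file is looked up and
# read only after the drop, so root never opens a user-controlled path.
def process_user_confs(conf_name, accounts)
  accounts.each_with_object({}) do |pw, results|
    results[pw.name] = run_as(pw) do
      path = File.join(pw.dir, conf_name)
      File.file?(path) ? yield(path) : "no #{conf_name}"
    end
  end
end
```

Run as root, pass the accounts collected with `Etc.passwd` and a block that handles one conf file path; each result comes back as `[success, text]` keyed by user name.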
 
