
Re: [MiNT] Pgetauid/Psetauid



Hi,

> /* tesche: audit user id functions, these id's never change once set to != 0
>  * and can therefore be used to determine who the initially logged in user was.
>  */
> 
> long _cdecl
> p_getauid (void)
> {
> 	return curproc->auid;
> }
> 
> long _cdecl
> p_setauid (int id)
> {
> 	if (curproc->auid)
> 		return EACCES;	/* this may only be changed once */
> 
> 	return (curproc->auid = id);
> }
> 
> Am I missing something here? IMHO this is plain nonsense and cannot work.

Hm, perhaps I am missing something, but in my understanding it is intended
to work this way:

- login calls Psetauid() once the userid has been determined
- if the user switches to another uid (except root), the auid remains
  intact, so reading it we can determine (and write to logs) what is the
  original uid of the user (i.e. the uid originally attributed to the user
  when he logged in for the first time to start the current session).

Of course, this has to be supported by software (login, su at least) and
of course, the auid should be inherited by child processes.

Gtx,

--
Konrad M.Kokoszkiewicz
|mail: draco@atari.org                  |  Atari Falcon030 user   |
|http://www.obta.uw.edu.pl/~draco/      | Moderator gregis LATINE |
|http://draco.atari.org                 |       (loquentium)      |

** Ea natura multitudinis est,
** aut servit humiliter, aut superbe dominatur (Liv. XXIV,25)
*************************************************************
** With the common people it is normal that they either serve humbly,
** or domineer insolently.
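
The behaviour described in the reply above (set once at login, unchanged by a later uid switch, inherited by children), as an added user-space model that is not part of the original message or of the MiNT sources. `struct proc`, the `model_*` functions and the `MODEL_EACCES` value are hypothetical stand-ins, and the "except root" case mentioned in the reply is not modelled.

```c
/* User-space model of the audit-uid semantics discussed in this message.
 * All names here are hypothetical; this is not MiNT kernel code. */
#include <stdio.h>

#define MODEL_EACCES (-1)   /* constructed error value for this model only */

struct proc {
    int uid;    /* current user id, changes when the user switches uid */
    int auid;   /* audit user id, 0 means "not set yet" */
};

/* Same set-once rule as the quoted p_setauid(). */
long model_setauid(struct proc *p, int id)
{
    if (p->auid)
        return MODEL_EACCES;    /* this may only be changed once */
    return (p->auid = id);
}

long model_getauid(const struct proc *p) { return p->auid; }

/* su-like switch: only the uid changes, the auid is left intact. */
void model_setuid(struct proc *p, int uid) { p->uid = uid; }

/* A child process inherits both ids from its parent. */
struct proc model_fork(const struct proc *parent) { return *parent; }

/* login -> shell -> su -> child; returns the auid the last child reports. */
long model_session(int login_uid, int su_uid)
{
    struct proc login = { 0, 0 };             /* auid still unset */
    model_setauid(&login, login_uid);         /* userid determined: set once */
    struct proc shell = model_fork(&login);
    model_setuid(&shell, login_uid);
    struct proc su = model_fork(&shell);
    model_setuid(&su, su_uid);                /* switch to another uid */
    model_setauid(&su, su_uid);               /* refused: auid already set */
    struct proc child = model_fork(&su);
    printf("uid=%d auid=%ld\n", child.uid, model_getauid(&child));
    return model_getauid(&child);
}

int main(void)
{
    /* constructed ids: 1000 logs in, then switches to 1001 */
    return model_session(1000, 1001) == 1000 ? 0 : 1;
}
```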