Hi Dieter,<br> I dont have a need to run all the external method as root, only some of them. For this what I was thinking was to introduce a new control apart from the regular ones. viz <br>id , title ,
Module Name and Function Name by name of 'Run as root', it would probably be a checkbox.Then at the point when external method code is executed I would check for the said control and if checked would get it executed as root.<br>
Can you telll me where should I look in the source(Code segment where external methods are loaded and executed)<br><br><div class="gmail_quote">On Tue, Apr 8, 2008 at 12:50 AM, Dieter Maurer <<a href="mailto:dieter@handshake.de">dieter@handshake.de</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">rishi pathak wrote at 2008-4-7 17:46 +0530:<br>
<div class="Ih2E3d">>There is a requirement for running some external methods as super user.<br>
>For this I thought of adding a new parameter.If set the code would be<br>
>executed with effective uid of root.<br>
<br>
</div>This is extremely dangerous.<br>
<br>
To run code as super user, you need to change the effective user id.<br>
Changing the effective user id affects the whole process -- not just<br>
the thread executing your external method.<br>
These things are very difficult to handle in a multi threaded environment,<br>
in general.<br>
Moreover, running internet driven code uncontrolled as super user<br>
is likely to be a big security risk.<br>
<br>
<br>
Let your application write some command to a queue and process<br>
the queue asynchronously. The processing can be performed as<br>
super user.<br>
<br>
If this is not possible, let your application communicate<br>
with another process which runs as super user -- and pass on<br>
synchronous commands from your application to this process.<br>
<br>
In both cases, it is ensured that only the restricted command<br>
set can be used to run something as super user -- and<br>
not some arbitrary code....<br>
<br>
<br>
<br>
--<br>
<font color="#888888">Dieter<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Regards--<br>Rishi Pathak<br>National PARAM Supercomputing Facility<br>Center for Development of Advanced Computing(C-DAC)<br>Pune University Campus,Ganesh Khind Road<br>
Pune-Maharastra