DragonFly On-Line Manual Pages

Search: Section:  

PRIV_EXECVE(3)                    Subroutines                   PRIV_EXECVE(3)


NAME

       priv_execve - execute program as a given user and in a given chroot
       jail


SYNOPSIS

       #include <privman.h>

       int priv_execve(const char *program, char * const argv[], const * const
       envp[], const char * userconst char *chroot);


DESCRIPTION

       priv_execve() executes the program pointed to by program.

       See execve(2) for more details about the program, argc, and envp
       parameters.

       As an important note, the execve will actually occur in a new slave
       process, so changes made to the process context in the local process,
       like limits, will not affect it.  The new program will not have any
       access to the privilege manager, although if the user provided to
       priv_execve is "root" that little detail won't be relevant.

       program must be in the name-space provided by chroot as the execve call
       is made after the chroot call.  chroot should be an absolute path.
       Setting up a proper chroot jail for the process to run is is not
       simple, as the process must also be able to link inside the jail.  If
       NULL is passed as chroot, the directory "/" will be used.

       user will be looked up via getpwent, and so should probably be in the
       password file.  The user is looked up before the chroot.  If NULL is
       passed as user, the user default unprivileged user (normally "nobody")
       will be used.


FILES

       ${prefix}/etc/privman.d/ appname
              The application's configuration file.  See privman_conf(5) for
              more details.  To use priv_execve , the configuration file will
              have to set allow_rerun to a true value.

              The configuration file will also need to list any target users
              in run_as user statements.


BUGS

       Given the issues in verifying the arguments, then executing, race
       conditions are likely.  The method should fail (causing the program to
       exit) if the environment changes unsuitably rather than give up
       privilege, but the method will be unable to return an error code to the
       calling process.


TODO

       Remove this method.


AUTHOR

       Network Associates. Send email to <privman@nailabs.com>


SEE ALSO

       priv_bind(3) priv_daemon(3) priv_fopen(3) priv_fork(3) priv_init(3)
       privman_conf(5) priv_open(3) priv_pam(3) priv_rerunas(3) privman(7)

Unix                            SEPTEMBER 2002                  PRIV_EXECVE(3)

Search: Section: