Professional Web Applications Themes

impersonating ruby - Ruby

Hi, can I somehow change a ruby interpreters uid from 0 to something and then back again? I intend to write a little program, wich traverses all users dirs and 'executes' whatever a user has written in his conf-file but in the context of the corresponding user. What is the ruby mehtod to accomplish that? Reinvoking my script?...

  1. #1

    Default impersonating ruby

    Hi,
    can I somehow change a ruby interpreters uid from 0 to something and
    then back again?

    I intend to write a little program, wich traverses all users dirs and
    'executes' whatever a user has written in his conf-file but in the
    context of the corresponding user.

    What is the ruby mehtod to accomplish that?

    Reinvoking my script?
    Robert Guest

  2. #2

    Default Re: impersonating ruby

    il Fri, 06 Feb 2004 00:30:25 +0100, "Robert K." <de> ha
    scritto::
     


    maybe:
    Process.uid= newuid
    could work?
    gabriele Guest

  3. #3

    Default Re: impersonating ruby

    On Fri, 6 Feb 2004, Robert K. wrote:
     

    it's tricky. you need a setuid binary (cannot be a script). to accomplish
    something very similar to this i had created a c program that runs ruby as
    another user (backend db updates for web processs). it's not _exactly_ what
    you want since it runs as a specific user, but it's a very simple (dangerous)
    c program which you could modify to accomplish this. keep in mind that, once
    you setuid to a non-privledged user you can't get back! i think you may be
    able to get around this by fork/exec'ing somehow - but perhaps not.

    the best way might be to crawl the dirs using one script (privledged for read
    access) and then launch one as a child process for each user dir...

    get it from

    http://raa.ruby-lang.org/list.rhtml?name=setuidruby

    -a
    --

    ATTN: please update your address books with address below!

    ================================================== =============================
    | EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
    | PHONE :: 303.497.6469
    | ADDRESS :: E/GC2 325 Broadway, Boulder, CO 80305-3328
    | STP :: http://www.ngdc.noaa.gov/stp/
    | NGDC :: http://www.ngdc.noaa.gov/
    | NESDIS :: http://www.nesdis.noaa.gov/
    | NOAA :: http://www.noaa.gov/
    | US DOC :: http://www.commerce.gov/
    |
    | The difference between art and science is that science is what we
    | understand well enough to explain to a computer.
    | Art is everything else.
    | -- Donald Knuth, "Discover"
    |
    | /bin/sh -c 'for l in ruby perl;do $l -e "print \"\x3a\x2d\x29\x0a\"";done'
    ================================================== =============================

    Ara.T.Howard Guest

  4. #4

    Default Re: impersonating ruby

    On Feb 5, 2004, at 3:35 PM, Robert K. wrote:
     
    I may be wrong, but I think you can't do this in pure ruby. You'll need
    outside utils of some sort.
     

    I would do something like this:

    if Process.uid == 0
    # find each conf file and run this with
    # it's associated filename and username:
    `sudo -u #{username} #{File.expand_path $0} #{filename}`
    else # it's not root; the you need to p the conf file
    # get the filename
    filename = ARGV.unshift
    # process the file...
    end

    This is, of course, assuming that you are on a *nix based system.

    cheers,
    mark



    Mark Guest

  5. #5

    Default Re: impersonating ruby

    OK, it could have been so easy by just trying it out:

    With Process.uid a script can change and read it's uid as it likes to.
    If ruby has uid=0, there are no boreders. The script gets up and down
    to 0 again. Else the script is forbidden to change to 0

    Robert K. schrieb:
     
    Robert Guest

Similar Threads

  1. ASP.Net not impersonating for WSE 2.0
    By Francois in forum ASP.NET Web Services
    Replies: 3
    Last Post: December 1st, 12:33 AM
  2. ASP.Net not impersonating for WSE 2.0 AuthenticateToken method
    By Francois in forum ASP.NET Web Services
    Replies: 0
    Last Post: November 12th, 09:09 PM
  3. HELP WITH IMPERSONATING
    By u_heet in forum ASP.NET Security
    Replies: 0
    Last Post: September 27th, 05:17 PM
  4. ASP.NET Impersonating a Certain User At Run time
    By TK in forum ASP.NET Security
    Replies: 0
    Last Post: July 16th, 12:49 AM
  5. Who am I impersonating?
    By Gary Bagen in forum ASP.NET Security
    Replies: 4
    Last Post: February 28th, 10:28 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139