I have dynamically linked libraries to protect from unauthorized users. I cannot use groups / ACLs for this. I have a list of licensed users, and can say yes/no at runtime whether a given UID is authorized. Linux, gcc/clang, if it matters.
It takes a bit of work, but it's doable and still considered dynamic:

1. Make the main program setuid-root (or grant the cap_dac_override capability to the program -- see capabilities(7)).
2. When the program is executed, do the runtime authorization check.
3. If the user is authorized, use dlopen (along with root/dac_override) to load the libraries. You will need to use dlsym to find/resolve the symbols you need from the library.
4. Drop the capability and/or revert the UID for best security.

(All that being said, using a group ID is simpler. You can grant group membership to the users considered authorized.)
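The steps above in C, as an added example that is not part of the original answer. It covers only the setuid-root variant (dropping cap_dac_override instead would need libcap). The function names, the sample UID list and any library path passed in are assumptions made for illustration.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample licence list; a real program would query its licence store. */
static const uid_t LICENSED_UIDS[] = { 1001, 1002 };

/* The runtime yes/no check: is this real UID on the licence list? */
int uid_is_licensed(uid_t uid)
{
    size_t n = sizeof LICENSED_UIDS / sizeof LICENSED_UIDS[0];
    for (size_t i = 0; i < n; i++)
        if (LICENSED_UIDS[i] == uid)
            return 1;
    return 0;
}

/* Permanently give up setuid-root privilege. Returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    /* Group first: once the UID is dropped we may no longer change the GID. */
    if (setgid(getgid()) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must now fail. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/*
 * Check the caller, load the protected library while still privileged,
 * resolve one symbol, then drop privilege on every path before returning.
 * Returns the symbol address, or NULL if unauthorized or on any error.
 */
void *load_protected_symbol(uid_t caller, const char *lib_path, const char *symbol)
{
    void *handle = NULL, *sym = NULL;
    /* Absolute paths only, so the loader never searches directories for it. */
    if (uid_is_licensed(caller) && lib_path != NULL && lib_path[0] == '/')
        handle = dlopen(lib_path, RTLD_NOW | RTLD_LOCAL);
    if (handle != NULL)
        sym = dlsym(handle, symbol);
    if (drop_privileges() != 0)
        return NULL; /* never hand back code while still privileged */
    return sym;
}
```

Pass getuid() as the caller so the check uses the real UID of the invoking user, not the effective UID of 0. Library constructors run inside dlopen, so they execute before the privilege drop; the protected directory must be writable by root only.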