[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Porting ProcessTable.pm Security/Permission Woes
I have hit a wall porting the Proc::ProcessTable module. I am using the kvm
interface and after linking with -lkvm I have a working .so file. But it only
works when I chmod o+r /dev/mem /dev/kmem /dev/drum. I KNOW this is a problem
and am trying to find a way around it with a default install.
Basically I need my .so to have setgid(kmem) capability. So my questions is:
How can I have my .so be loaded by ld.so into another process(perl) and retain
the kmem group or ability to read as if it were in the kmem group? Is this
possible with some linker flags. I missed this on the man pages if so...
I also tried chmod 2777 and chown root:kmem on my .so file and tested that
which failed as expected. /usr/bin/perl run by a non-superuser can't setgid
to kmem and must ignore the file bits set on my .so in favor of my established
uid, euid, gid, and egid.
Any advice would be very appreciated. I'm stumped.