0

Has anyone ever thought about making a command under linux and modifying the extfs and operating structure of the kernel to FORCE a programs invocation to ALWAYS be run by a specific user account so you can sandbox the command but allow its invocation by any user ?

Comments
  • 0
    you know personally i think them being all mocking of jesus and religious organizations in the wrong way, as in they all pictures themselves as individual antichrists and fucking social predators, not laughing at specific things that are sensible, hopefully i hope all their exposure as they approach death slowly makes them think about the shit they done and feel that piercing deep sensation of panic which represents the fear of hell.
  • 0
    wonder when they'll do a study related to cause of reason to believe a person is going to hell or personally damned in some way or lifelong misery and the fervent near religious embrace of atheism.

    or how often atheists commit immoral actions even as they preach the opposite.

    yeah somehow i don't think not believing in a punishing god has made the fucking hypocrite effect any lessened.

    if anything they likely do worse shit because there is no afterlife in their view.
  • 0
    Its called setuid bit.
  • 0
    @stop yeah but does that limit the proggy or also allow the proggy to read the users data ?
  • 0
    @YouAllSuck the setuid bit informs the kernel that it needs to run as the owning user. an example is /bin/passwd. It runs are root to be able to modificate the userpassword. For security reasons scripts are exempt from that. Unless you have selinux active there should be nothing that hinders the program from accessing the files of an user.
  • 0
    @stop yes well that was the idea
    Put the program under another username so it can’t access YOUR files

    You’d have to copy over and change permissions of anything you create with the program

    But being able to do this from under your own user account without an explicit call
    To login from a terminal etc to sandbox the program that was the idea
  • 0
    @YouAllSuck The setuid bit can be used to force-switch to a less privileged user, however if you do so you will probably end up with no write access to $HOME which is often an unasserted dependency and makes programs crash in a nasty way.
  • 1
    @homo-lorens since no environment variable is reset.
Add Comment