Impersonating ruby

Hi,
can I somehow change a ruby interpreters uid from 0 to something and
then back again?

I intend to write a little program, wich traverses all users dirs and
’executes’ whatever a user has written in his conf-file but in the
context of the corresponding user.

What is the ruby mehtod to accomplish that?

Reinvoking my script?

maybe:
Process.uid= newuid
could work?

···

il Fri, 06 Feb 2004 00:30:25 +0100, “Robert K.” anon@nospam.de ha scritto::

Hi,
can I somehow change a ruby interpreters uid from 0 to something and
then back again?

it’s tricky. you need a setuid binary (cannot be a script). to accomplish
something very similar to this i had created a c program that runs ruby as
another user (backend db updates for web processs). it’s not exactly what
you want since it runs as a specific user, but it’s a very simple (dangerous)
c program which you could modify to accomplish this. keep in mind that, once
you setuid to a non-privledged user you can’t get back! i think you may be
able to get around this by fork/exec’ing somehow - but perhaps not.

the best way might be to crawl the dirs using one script (privledged for read
access) and then launch one as a child process for each user dir…

get it from

http://raa.ruby-lang.org/list.rhtml?name=setuidruby

-a

···

On Fri, 6 Feb 2004, Robert K. wrote:

Date: Fri, 06 Feb 2004 00:30:25 +0100
From: Robert K. anon@nospam.de
Newsgroups: comp.lang.ruby
Subject: impersonating ruby

Hi,
can I somehow change a ruby interpreters uid from 0 to something and
then back again?

I intend to write a little program, wich traverses all users dirs and
‘executes’ whatever a user has written in his conf-file but in the
context of the corresponding user.

What is the ruby mehtod to accomplish that?

Reinvoking my script?

ATTN: please update your address books with address below!

===============================================================================

EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
PHONE :: 303.497.6469
ADDRESS :: E/GC2 325 Broadway, Boulder, CO 80305-3328
STP :: Solar-Terrestrial Physics Data | NCEI
NGDC :: http://www.ngdc.noaa.gov/
NESDIS :: http://www.nesdis.noaa.gov/
NOAA :: http://www.noaa.gov/
US DOC :: http://www.commerce.gov/

The difference between art and science is that science is what we
understand well enough to explain to a computer.
Art is everything else.
– Donald Knuth, “Discover”

/bin/sh -c ‘for l in ruby perl;do $l -e “print "\x3a\x2d\x29\x0a"”;done’
===============================================================================

Hi,
can I somehow change a ruby interpreters uid from 0 to something and
then back again?
I may be wrong, but I think you can’t do this in pure ruby. You’ll need
outside utils of some sort.

I intend to write a little program, wich traverses all users dirs and
‘executes’ whatever a user has written in his conf-file but in the
context of the corresponding user.

What is the ruby mehtod to accomplish that?

Reinvoking my script?

I would do something like this:

if Process.uid == 0
# find each conf file and run this with
# it’s associated filename and username:
sudo -u #{username} #{File.expand_path $0} #{filename}
else # it’s not root; the you need to parse the conf file
# get the filename
filename = ARGV.unshift
# process the file…
end

This is, of course, assuming that you are on a *nix based system.

cheers,
mark

···

On Feb 5, 2004, at 3:35 PM, Robert K. wrote:

OK, it could have been so easy by just trying it out:

With Process.uid a script can change and read it’s uid as it likes to.
If ruby has uid=0, there are no boreders. The script gets up and down
to 0 again. Else the script is forbidden to change to 0

Robert K. schrieb:

···

Hi,
can I somehow change a ruby interpreters uid from 0 to something and
then back again?

I intend to write a little program, wich traverses all users dirs and
‘executes’ whatever a user has written in his conf-file but in the
context of the corresponding user.

What is the ruby mehtod to accomplish that?

Reinvoking my script?