I've whipped up a new program called `fakeauth', in utils/fakeauth.c (and with some nontrivial makefile rules to build everything it needs). Again, this compiles but is wholly untested.
The idea here is that you run "fakeauth command ...", and it runs "command" with a bogus auth port that claims to be root. How this works is that fakeauth acts as a proxy auth server. The child process is run with a new auth port that is maintained by fakeauth. When fakeauth gets auth handshake RPCs on this port, it just passes them along to the real auth port that fakeauth started with. That means that to all other processes in the system the fakeauth child acts just like a normal process authenticated as the user who ran fakeauth. However, auth_getids and auth_makeauth calls made on the fake auth handle do not go through to the real auth server. Instead, fakeauth provides a private fantasy universe of uids and gids where it behaves as the real auth server would if your original handle had the root IDs. That is, auth_getids on the initial handle reports real and effective uid and gid of 0. auth_makeauth on that lets you create new handles with any IDs you like, just like root can with the real auth server. As with real auth handles, these new handles then return for getids the IDs you chose in makeauth, and makeauth calls on a new handle is constrained to select IDs permitted by that (fake) handle. Note that this will give programs the impression that setuid et al work normally to constrain permissions, but in actuality all authentications with the rest of the system will use the fakeauth process's original auth handle with its original IDs. So, for example, running "su joebob" under fakeauth would succeed and whoami will report "joebob", but anything done with the supposed "joebob" identity will actually happen with your original identity and full privileges (i.e. anything the process that ran fakeauth could do). _______________________________________________ Bug-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-hurd
