Some methods in file ioslave, `FileProtocol::copy` and FileProtocol::put to be precise, use file descriptor of source and destination filesWhen reading or writing a file with elevated privileges the helper will
open the required file (with elevated privileges) and it will share the
open file descriptor with file ioslave. So performing any these operations as root user using kauth's helper requires the source or destination file to be opened inside the helper and sending the file descriptor back to ioslave using a suitable IPC mechanism.
My patch does the task using unix local domain socket.ince the file referred to by the
shared file descriptor was opened by a privileged process, In principal dbus can also be used. The sequence would be, registering service in ioslave, setting `euid` of the helper process and sending the file descriptor over user's session bus.file ioslave
which is a normal user process will be able to modify the file.
This patch adds two classes, I tried it but the code turned out messyFdSender and FdReceiver. In the end it was somewhat a personal preference.
There are certain things I would like to know regarding this patch,And as their
In this patch I used the abstract namespace. It will work with linux but I don't know about mac os or bsd. So what to use for them?name suggest they facilitate sending and receiving of an open file
In place of unix sockets, dbus can also be used. So shall i use it ? I am aware there are security issues with both the approaches but using which one of them is less riskier?descriptor between a privileged and a normal process.