On Thu, Mar 14, 2002 at 02:21:13PM +0200, Jarno Elonen wrote:
...
>
> I'm trying to make a shortcut/script/program that would start Kmail as
> another user (and thus open the corresponding mailbox) in my own KDE session
> without having to type in the password.
>
> My latest attempt was a 'SUID user2' program in C:
>
> Hinclude <unistd.h>
> int main () {
> putenv("HOME=/home/user2");
> system("/usr/bin/kmail");
> puts("Done.");
> }
>
> This apparently doesn't set all the environment variables correctly:
>
...
> Any better ideas on how to implement this?
...
HiI am sorry to say, that all the methods proposed on this thread are quite insecure, as they all allow user1 (and any virus/trojan programs running as user1) to perform any and all commands as user2. rsh, ssh and friends all do this explicitly. Your fine little program would be ok, if it did several extra steps (like setruid, setrgid, filtering the environment, etc.). Personally, I would recommend that you install super and add this to your super.tab user2mail "/usr/bin/kmail" nargs=0 u+g=user2 user1 also do # ln -s /usr/bin/super /usr/local/bin/user2mail then user1 can run KMail as user2 by simply running $ user2mail super does all the nasty security checks for you, without asking about passwords etc. The only security hole left is, that you can probably use the menus in KMail to run programs as user2. An entirely different option would be if kmail has a command to open additional mailbox files. Then you could place a line in /home/user2/.forward which moves all the mail to /home/user2/mailbox2, which you then grant user1 rw access to. Happy computing Jakob -- This message is hastily written, please ignore any unpleasant wordings, do not consider it a binding commitment, even if its phrasing may indicate so. Its contents may be deliberately or accidentally untrue. Trademarks and other things belong to their owners, if any.
pgpr2dM53TXbs.pgp
Description: PGP signature
