LAGRO_4%HWALHW5.BITNET@wiscvm.wisc.EDU (07/25/87)
Wageningen 24-July-87
Hello,
We've got a problem. On our Unix system (an IRONICS IV-1600/S)
we use some add-on boards for the image processing part we are
working on. In order to access these boards, we map them into our
virtual memory space with the PHYS call.

Here we run into our problem:
In order to use phys, one has to be a super-user.
This is, even on our small system, an unwanted situation.
At the moment everyone who is developing software for the image-proc.
part is working as root.

We would like a situation where everyone could work from his own
account, using another program which has SU privilege and is called by
his new program.
In the other program, running with SU privilege, the wanted phys action can
be taken.

One of the solutions we have looked at was executing a program through
a system-call (a C-function), but here the user got all privileges,
or the setting didn't work.

Here follow some examples of our attempts:

Example 1:

    /*******************************************************************/
    /* TEST.C  this program does a phys action. It is compiled by      */
    /* root, and its SET-USER-ID bit is set.                           */
    /*******************************************************************/
    #include <stdio.h>

    main()
    {
        int phys();

        /* map the board into this process; only the super-user may do this */
        if (phys(0, 0x500000, 0x40000, 0x500000) == -1)
        {
            printf("test-file -- phys error \n\n");
            exit(-1);
        }
        exit(0);
    } /* end of TEST.C */

The calling program of the user could look like this:

    /*****************************************************************/
    /* TEST2.C  this program performs some access to the virtual     */
    /* memory. It is made and compiled by the user.                  */
    /* It will call the TEST.X program to perform the phys action.   */
    /*****************************************************************/
    #include <stdio.h>

    main()
    {
        /*var*/
        char *pixpoint;
        int i;

        /* execute the phys-action through TEST.X */
        if (system("test.x") == -1)
        {
            /* error phys */
            printf(" -- -- phys abortion. \n\n");
            exit(-1);
        }
        printf(" -- -- phys succes. \n");

        /* now access the display, change a bit */
        i = 0x500000 + 10*512;      /* line 10 */
        pixpoint = (char *)i;       /* idem */
        *pixpoint = ~*pixpoint;     /* invert the byte at that address */
        exit(0);
    } /* end of TEST2.C */

This doesn't work, because TEST.X is executed in a different shell,
which is abandoned before the execution of TEST2.X is resumed.
A "." command only works with shell commands, not with binary files.
TEST.X, with the phys action in it, runs correctly, but TEST2.X doesn't
know anything about it.

Example 2:

    /*********************************************************************/
    /* PHYS.C  this program is compiled by root and has its SET-USER-ID  */
    /* bit set. It calls its argument by means of the system-call. The   */
    /* program it will execute in that way has no special protections.   */
    /*********************************************************************/
    #include <stdio.h>

    main (argc, argv)
    int argc;
    char *argv[];
    {
        int phys();

        if (argc != 2)
        {
            printf(" phys-error -- usage: phys program \n\n");
            exit(0);
        }
        if (phys(0, 0x500000, 0x40000, 0x500000) == -1)
        {
            printf("phys -- phys error \n\n");
            exit(-1);
        }
        else /* success code, call user program */
        {
            printf("phys -- phys succes \n");
            /* the user program is started while still running as root */
            if (system(argv[1]) == -1)
            {
                printf(" phys -- system error \n");
                exit(-1);
            }
            else
            {
                printf(" phys -- system succes \n");
            }
        }
        exit(0);
    }

When we use it in this way, everything works fine, but...
the user program which is executed in this way runs totally
under SU. He can even start a shell having root privileges.

Sincerely,
Willy Geraets. (LAGRO_4@HWALHW5.BITNET)
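
The usual way out of the situation in Example 2, as an added example that is not part of the original post: a set-user-ID root wrapper performs the privileged call, permanently drops to the caller's real ids, checks that the drop took effect, and only then executes the user's program directly instead of through system(). It assumes, as Example 2 suggests, that the phys mapping survives the exec; map_board() is a hypothetical placeholder for the phys call, and the code is written for a modern POSIX system rather than the system in the post.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical placeholder for the privileged step. On the poster's system
 * this would be: return phys(0, 0x500000, 0x40000, 0x500000); */
static int map_board(void)
{
    return 0;
}

/* Permanently give up set-user-ID / set-group-ID privilege.
 * Returns 0 on success, -1 if any privilege could remain. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we may no longer change the gid. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify: the effective ids must now equal the caller's real ids ... */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* ... and a non-root caller must be unable to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    if (map_board() == -1) {          /* the only step that needs root */
        perror("phys");
        return 1;
    }
    if (drop_privileges() == -1) {    /* never exec while still root */
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    execvp(argv[1], &argv[1]);        /* no shell involved, unlike system() */
    perror(argv[1]);                  /* reached only if the exec failed */
    return 127;
}
```

With this ordering the user's program, and any shell it starts, runs with the invoking user's own ids.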