
Author Topic: calling internal procedures/functions with root rights - not external calls  (Read 3158 times)

ThomasK

  • New Member
  • *
  • Posts: 44
Hi,

is there a way to start Pascal functions/procedures with root rights? I want to work with libsocketcan and some calls need root rights.

Thanks.
« Last Edit: June 09, 2021, 05:55:00 pm by ThomasK »
Started Pascal on a Siemens 4004/151 in 1977. TurboPascal 1.0 in 1984 on PC-Dos.

ccrause

  • Hero Member
  • *****
  • Posts: 591
Apparently not: https://stackoverflow.com/questions/60074468/elevate-privileges-of-running-process

One alternative may be to launch a process/daemon with the necessary privileges, then use some communication channel (e.g. socket) to request the privileged information from the user mode process.

Edit: OK, you mentioned no external calls, that seems to be a deal-breaker.

MarkMLl

  • Hero Member
  • *****
  • Posts: 4719
is there a way to start Pascal functions/procedures with root rights? I want to work with libsocketcan and some calls need root rights.

Yes, you use POSIX capabilities. You need to add the necessary capabilities to the binary at the end of the build, hence https://bugs.freepascal.org/view.php?id=38608, and once you've opened the socket or whatever you're strongly advised to relinquish root and all extra capabilities so that an attacker can't exploit your code. A complicating factor is that since capabilities are stored in EAs, they're lost if a file is copied/moved/archived so will need to be reapplied; that might mean that the end-user will need root access to his system, which might not always be available.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

ThomasK

  • New Member
  • *
  • Posts: 44
Understood.

So this is not a good idea.

Anyway, if everything in Linux is a file O:-), is there a way to grant the user root access rights to the 'file' canx?

Thanks and Best Regards,

Thomas
Started Pascal on a Siemens 4004/151 in 1977. TurboPascal 1.0 in 1984 on PC-Dos.

MarkMLl

  • Hero Member
  • *****
  • Posts: 4719
Understood.

So this is not a good idea.

It's a perfectly good idea, all you have to do is RTFM.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

lucamar

  • Hero Member
  • *****
  • Posts: 4219
Anyway, if everything in Linux is a file O:-), is there a way to grant the user root access rights to the 'file' canx?

Several, but one of the more common is to make canx accessible to some group with the proper rights and make the user part of that group. Not a cup of tea, for normal "dummie" users, but relatively easy and less dangerous than making them 'sudo' to execute the program ;)
Turbo Pascal 3 CP/M - Amstrad PCW 8256 (512 KB !!!) :P
Lazarus/FPC 2.0.8/3.0.4 & 2.0.12/3.2.0 - 32/64 bits on:
(K|L|X)Ubuntu 12..18, Windows XP, 7, 10 and various DOSes.

MarkMLl

  • Hero Member
  • *****
  • Posts: 4719
Anyway, if everything in Linux is a file O:-), is there a way to grant the user root access rights to the 'file' canx?

Several, but one of the more common is to make canx accessible to some group with the proper rights and make the user part of that group. Not a cup of tea, for normal "dummie" users, but relatively easy and less dangerous than making them 'sudo' to execute the program ;)

Agreed, which is where files installed in /etc/udev/rules.d come in. However that doesn't help for the creation of unix-domain sockets in /var/run, or the creation of low-numbered TCP or UDP ports... network resources (i.e. ports and interfaces) are of course completely out of the normal namespace.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

ThomasK

  • New Member
  • *
  • Posts: 44
I would be happy if I could do the following tasks with the application:
  • Start the interface
  • Stop the interface
  • Reset the interface
Since the Raspi would work headless, there is no need to be very flexible with the data rate.
I am no Linux guy at all, and also no C programmer so this is all very new to me.

I got canconfig to work, some commands need sudo, some not, and I have no clue how to find out if there is data to retrieve from the input.

Also the response "ERROR_ACTIVE" for the interface being up but less than 96 errors is scary.

Since the application would be the "master" I would know when to poll, but this is weird. As far as I am concerned an event handler is a better solution.

About RTFM, there is a difference between a manual and a recipe (which I don't expect here, btw.)
A manual is like a standard, the smallest common base, created with minimum effort.
As cheap as possible and instead of having all information collected for the topic in the relevant chapter it points to other files, paragraphs etc. In some cases created by an algorithm.
Started Pascal on a Siemens 4004/151 in 1977. TurboPascal 1.0 in 1984 on PC-Dos.

MarkMLl

  • Hero Member
  • *****
  • Posts: 4719
About RTFM, there is a difference between a manual and a recipe (which I don't expect here, btw.)
A manual is like a standard, the smallest common base, created with minimum effort.
As cheap as possible and instead of having all information collected for the topic in the relevant chapter it points to other files, paragraphs etc. In some cases created by an algorithm.

Fine, so have you RTFMed yet? Because I'm happy to talk you through code if it looks like you might use it, but have no intention of wasting my time if not.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

ThomasK

  • New Member
  • *
  • Posts: 44
I decided to do it using TProcess.

I adapted the example in the Wiki and it works fine for me.
Since those commands are not required in a time critical path it is ok.

Code: Pascal
  // Needs Classes and Process in the unit's uses clause.
  procedure TFCANTest.dothingsassudo(cmds2exec : string);
  var
    AProcess    : TProcess;
    OutputLines : TStringList;
  begin
    OutputLines := TStringList.Create;
    AProcess    := TProcess.Create(nil);
    try
      AProcess.Executable := '/bin/sh';
      AProcess.Parameters.Add('-c');
      // cmds2exec is handed to the shell verbatim, so pass fixed command strings only.
      AProcess.Parameters.Add(cmds2exec);
      // poWaitOnExit together with poUsePipes is only safe while the output fits the pipe buffer.
      AProcess.Options := AProcess.Options + [poWaitOnExit, poUsePipes];
      AProcess.Execute;
      OutputLines.LoadFromStream(AProcess.Output);
      if OutputLines.Count > 0 then
        FCANTest.mlog.Lines.AddStrings(OutputLines);  // AddStrings takes a TStrings, not a string
      OutputLines.LoadFromStream(AProcess.Stderr);
      if OutputLines.Count > 0 then
        FCANTest.mlog.Lines.AddStrings(OutputLines);
    finally
      // Release both objects even if Execute or LoadFromStream raises.
      AProcess.Free;
      OutputLines.Free;
    end;
  end;

I can parse the output / error strings if necessary or display them only. Right now, it was just a proof of concept to communicate using CAN.

Thomas
Started Pascal on a Siemens 4004/151 in 1977. TurboPascal 1.0 in 1984 on PC-Dos.
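
A narrower variant of the TProcess approach in the post above, as an added example that is not code from the thread or from any poster: it covers only the three tasks listed earlier (start, stop, reset), checks the interface name, and runs canconfig through sudo without a shell, so no free-form string reaches a root process. Assumed and not from the thread: the sudo and canconfig paths, mapping "reset" to canconfig's restart command, the names TCanAction, ValidIface and CanControl, FPC 3.2, and a sudoers rule that permits exactly these commands.

```pascal
program canctl;
{$mode objfpc}{$H+}
// Added example. Assumed: sudo and canconfig paths, "reset" = canconfig's
// restart, FPC 3.2, and a sudoers rule permitting only these commands.
uses Process;

type
  TCanAction = (caStart, caStop, caReset);

const
  Sudo = '/usr/bin/sudo';          // assumed path
  Tool = '/usr/sbin/canconfig';    // assumed path
  ActionArg: array[TCanAction] of string = ('start', 'stop', 'restart');

// Accept only can0..can99, so no other text is ever passed on to sudo.
function ValidIface(const Iface: string): Boolean;
var
  i: Integer;
begin
  Result := (Length(Iface) >= 4) and (Length(Iface) <= 5)
    and (Copy(Iface, 1, 3) = 'can');
  if Result then
    for i := 4 to Length(Iface) do
      if not (Iface[i] in ['0'..'9']) then
        Exit(False);
end;

// Runs "sudo -n canconfig <iface> <action>" with every argument passed
// separately; there is no /bin/sh, so metacharacters have no meaning.
function CanControl(const Iface: string; Action: TCanAction;
  out Report: string): Boolean;
begin
  Report := '';
  if not ValidIface(Iface) then
    Exit(False);
  // -n makes sudo fail instead of prompting; stderr is merged into Report.
  Result := RunCommand(Sudo, ['-n', Tool, Iface, ActionArg[Action]],
    Report, [poStderrToOutPut]);
end;

var
  Msg: string;
begin
  if CanControl('can0', caStart, Msg) then
    WriteLn('can0 started')
  else
    WriteLn('start failed: ', Msg);
  // Constructed hostile input: rejected before any process is spawned.
  WriteLn('"can0;true" accepted: ', ValidIface('can0;true'));
end.
```

RunCommand reads the pipes while the child runs, so it does not depend on the output fitting the pipe buffer the way poWaitOnExit with poUsePipes does.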

 
