Brian Candler wrote in post #955751:
> Guido De Rosa wrote in post #955389:
>>     File, FileUtils = DRbObject.new_with_uri(SERVER_URI)
>>   end
>>
>> but, again, it doesn't work:
>>
>>   client.rb:8:in `<module:Sudo>': can't convert DRb::DRbObject to Array
>>   (DRb::DRbObject#to_ary gives DRb::DRbUnknown) (TypeError)
>>   from client.rb:7:in `<main>'
>
> That's just a side-effect of the multiple-assignment syntax (implicit
> splat), which only works on real Arrays. Try instead:
>
>     front = DRbObject.new(...)
>     File = front[0]
>     FileUtils = front[1]

Yep. Thanks :-)

> Of course, you better be damned sure that your root DRb server is only
> accessible by trusted processes; by default, any user on your machine
> will be able to connect to it. (That's the reason I'd prefer to talk to
> the trusted process via a private pipe)

Yeah, nothing beats the security of an anonymous, private pipe... Anyhow, I
set the permissions of the UNIX socket:

http://github.com/gderosa/rubysu/blob/5fab1503fdaac85cb3876b76cd16e3422e83df73/libexec/server.rb#L13

Moreover, I don't keep a SUID daemon running; instead my approach is
based on starting a DRb server on demand and killing it as soon as it's no
longer required.

This is not efficient, but imho there are no performance concerns here:
becoming root is something you do occasionally; this is not the
bottleneck.

The usage would look like this:

  Sudo::Wrapper.new do |su|
    # a sudoed DRb daemon is started under the hood...

    puts su[File].read '/etc/shadow' # only readable by root
    # ...

  end # the daemon is killed

Anyway, if you need a long running thing:

  su = Sudo::Wrapper.new

  su[an_object].method # acts as root

  # ...

  # ...

  su.close

> If you are sure you want a root DRb server, I'd be inclined to write one
> which exposes a limited set of methods and sanitises their arguments
> before doing anything with them (and possibly also requires
> authentication) - rather than giving carte-blanche access to File and
> FileUtils.

See above but, yes, there's a lot of work still TODO.

> If you are running on a Unix system, then another option you have is to
> open a file descriptor in one (trusted) process and pass that open file
> descriptor across a socket. That avoids having DRb proxy objects at all.
> Have a look at snailgun if you want some sample code which does that;
> grep for send_io and recv_io.

Very interesting, thanks! And I certainly need to study Unix IPC deeper
and deeper... :-)

-- 
Posted via http://www.ruby-forum.com/.
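A hardened version of the root-side front object Brian describes above, as an added example that is not from this thread or from rubysu: it exposes one argument-checked method instead of handing out File and FileUtils, strips the inherited methods a remote caller could otherwise reach, and starts the drbunix server with DRb's UNIXFileMode option so only the socket's owner can connect. RestrictedFront and start_restricted_server are names invented for this example.

```ruby
require 'drb'
require 'drb/unix'      # drbunix: URIs and the UNIXFileMode option

# Front object for the privileged DRb server. Instead of giving the
# client File and FileUtils, it exposes one operation and validates
# its argument before touching the filesystem.
class RestrictedFront
  # DRb dispatches whatever public method name the client sends, so the
  # public methods Object gives every instance are reachable remotely
  # too (DRb itself filters only __send__). Remove the ones that would
  # let a caller run arbitrary code or poke at the object's state.
  %i[send public_send instance_eval instance_exec
     instance_variable_get instance_variable_set extend].each do |m|
    undef_method m
  end

  def initialize(allowed_root)
    @root = File.realpath(allowed_root)   # canonical, symlinks resolved
  end

  # Read a file, but only if its *resolved* path lies below @root; this
  # defeats "../" sequences and symlinks that point somewhere else.
  def read(path)
    real = File.realpath(path.to_s)       # Errno::ENOENT if it does not exist
    unless real.start_with?(@root + File::SEPARATOR)
      raise ArgumentError, "refusing to read outside #{@root}: #{path}"
    end
    File.read(real)
  end
end

# Serve the front object on a UNIX socket that only its owner can open.
# UNIXFileMode is drb/unix's option for chmod-ing the socket file.
def start_restricted_server(socket_path, allowed_root)
  DRb.start_service("drbunix:#{socket_path}",
                    RestrictedFront.new(allowed_root),
                    UNIXFileMode: 0600)
end
```

A client then does `front = DRbObject.new_with_uri("drbunix:/path/to/socket")` and calls `front.read(path)`; anything else is a NoMethodError on the server side.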