I have program, say name giverootAccess. This program can receive a file name in the current directory (where giverootAccess resides) as a command-line argument. Then the file will get the root access. The file can be an executable or a shell script.
Now the problem is that, A hacker can get root access by redirecting the request to bash. I want to restrict a user to give root access only on those files inside the directory where giverootAccess resides. hacker can redirect file name to unwanted programs and hence get the root permission.
So I need a mechanism to uniquely identify a file, not by its name (as it can be mimicked and hacked). Is inode can be used for this purpose?
My plan is, when the application installs, I will store the inodes of all the files in the directory and whenever somebody runs the giverootAccess with a file name, I will check the file name and its inodes are matching with stored one. If matching, then only giverootAccess program actually give root access to the file.
Do you have any other simple mechanism to do this job ?
You can use file descriptor to get the inode number, use this code :
fstat is a system call that is used to determine information about a file based on its file descriptor. It is described here
stat is a structure that contains meta information of a file and is described here
to use stat structure and fstat system call you should add
#include <sys/stat.h>
to your code.You can find the inode number of a file using stat: http://linux.die.net/man/2/stat