Purpose: to investigate issues relating to writing set-userid Tk applications.
Here's a simple set-userid application that I'm using as a demonstration of the machinations one has to go through to get this stuff to work..
The problem is this - when Tk is first loaded (by wish or by a load command), the code makes an attempt to connect to the user's DISPLAY. By default, Tk requires a secure xauth'ed X session, due to the Tk "send" capability under X. Thus, a set-userid application can't get in while the security is in place. Rather than turn off security and risk breeches, the following technique allows one to, in one application, do some set-userid work and then turn off the set-userid nature of the application.
$ cat setuid.sh #! /bin/sh /usr/tcl83/bin/tclsh /home/lwv26/setuid.tcl $ cat setuid.tcl #!/bin/sh # \ exec /usr/tcl83/bin/tclsh "$0" ${1+"$@"} package require Tclx set i [info loaded] puts $i set efd1 [open "/tmp/effective" "w"] puts $efd1 "output" close $efd1 # A file owned by the effective user id was just created # Now, change users so that Tk can be done. set effective [id effective userid] set real [id userid ] puts "Before: realid = $real effectiveid = $effective" id userid $real puts "After: realid = $real effectiveid = $effective" load /usr/tcl83/lib/libtk8.3.so proc quitApp { args } { puts [format "%s" $args] set ::forever 1 exit 0 } set res [wm protocol . WM_DELETE_WINDOW quitApp] puts $res button .b -text 0 -command {.b config -text [expr [.b cget -text]+1]} pack .b ;#RS vwait ::forever puts "All done now" $ su differentuid Password: % chmod 4755 setuid.sh $ $ /home/lvirden/setuid.sh Before: realid = 203 effectiveid = 3750 After: realid = 203 effectiveid = 3750
followed by the appearance of a button. Attempts to close out the button just result in output to stdout and the button continuing.
I'd love to hear from you on what else I need to consider, and how we could make this much less painful.
See also Using Tk as a loadable package, which claims that the vwait and setting of ::forever code could be dropped under Tcl 8.4.