Xref: utzoo bit.listserv.aix-l:862 comp.unix.aix:5538
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!uunet!odi!benson
From: benson@odi.com (Benson I. Margulies)
Newsgroups: bit.listserv.aix-l,comp.unix.aix
Subject: Re: granting privilege in a control environment
Message-ID: <1991Jun6.110404.29016@odi.com>
Date: 6 Jun 91 11:04:04 GMT
Article-I.D.: odi.1991Jun6.110404.29016
References: <91156.100819JOHNW@SLACVM.SLAC.STANFORD.EDU>
Reply-To: benson@odi.com (Benson I. Margulies)
Organization: Object Design Inc., Burlington, MA
Lines: 14

That's not how it works. What you want to do is write a setuid root
program that is willing to load kernel extensions. It would be most
unwise to just pass any old pathname along to sysconfig, unless yours
users are utterly trustworthy. I'd do the following:

create /usr/local/kx, mode 755, root owned.

install users kernel extension binaries into there after auditing the 
code.

write a setuid root program that took a name, and looked for
/usr/local/kx/NAME.ext, and loaded that iff it wasn't already loaded.
-- 
Benson I. Margulies