Serge Knystautas wrote:
Santiago Gala wrote:

I think a good equilibrium point between the "marketing" view of security (making sysadms trust) and purist Java technical view would be to allow James not to have to run as root under Unix (to handle protected ports like 25, 110, etc.) and then securing the rest of the processing through Java security declarations.


Since people here know qmail and sendmail a lot better than I do... how do they bind to those ports without running as root?


It is done, AFAIK, by having a small program running as root, which just opens the server socket(s) and listens on them. Every time a connection is accepted, this driver forks and spawns a different program under lesser privileges, passing it the socket as file descriptor. (Don't take this as a precise description)


A small auxiliary process (a minimalistic and security-conscious C program) doing this and using some kind of IPC to communicate with a James+JNI process could do the job in a way that is both portable and can be trusted by sysadms. Please correct me if I'm wrong, as I'm not a POSIX wizard at all. I don't know how much of this applies to Windows, although sandboxing Windows services does not look like a bad idea.

Similar to what Costin and Pier discussed some days ago re: communicating Apache with Tomcat, in a thread named "How ASF membership works and what it means".

P.S.) ASF membership means you can speak about those difficult issues and (some) people will actually listen :-P (For those blunt enough, this is a disclaimer)

Regards
--
Santiago Gala
High Sierra Technology, S.L. (http://hisitech.com)
http://memojo.com?page=SantiagoGalaBlog
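
The driver arrangement described in the reply above, as an added example that is not part of the original message and is not code from James, qmail or sendmail: a root process opens the listening socket, and each accepted connection is served by a forked child that drops to an unprivileged uid before it touches client data. The function names, the uid/gid 65534 and the banner text are assumptions; a real driver would `execv()` the mail server in the child after the drop, with the socket inherited as a file descriptor.

```c
#include <grp.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Root-only step: bind and listen on loopback (ports < 1024 need root). */
int open_listener(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0 && !bind(fd, (void *)&a, sizeof a) && !listen(fd, 16)) return fd;
    if (fd >= 0) close(fd);
    return -1;
}

/* Drop root for good: groups, then gid, then uid; fail if root can return. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 0;                 /* already unprivileged */
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1;
    return setuid(0) == 0 ? -1 : 0;
}

/* Serve one client from a forked child; returns its exit status (0 = served). */
int serve_one(int lfd, uid_t uid, gid_t gid) {
    int st, cfd = accept(lfd, NULL, NULL);
    if (cfd < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        close(lfd);                               /* child keeps only cfd */
        if (drop_privileges(uid, gid)) _exit(2);  /* fail closed */
        _exit(write(cfd, "220 ready\r\n", 11) == 11 ? 0 : 1);
    }
    close(cfd);
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Constructed loopback round trip on an ephemeral port (no root needed). */
int demo_roundtrip(void) {
    struct sockaddr_in a; socklen_t n = sizeof a; char buf[16] = {0};
    int lfd = open_listener(0), c = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || c < 0 || getsockname(lfd, (void *)&a, &n) || connect(c, (void *)&a, n))
        return -1;
    int st = serve_one(lfd, 65534, 65534);        /* assumed "nobody" uid/gid */
    if (st == 0 && (read(c, buf, 15) != 11 || strcmp(buf, "220 ready\r\n"))) st = -1;
    close(c); close(lfd);
    return st;
}
```

The order in `drop_privileges` matters: supplementary groups and the gid have to go while the process is still root, and the final `setuid(0)` attempt confirms the drop cannot be reversed.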


