Hi all,

In my earlier post I wrote >>

> 1> Bind to the System Port I want to listen on
> 2> Release Root Privileges using JNI
> 3> Begin accepting Client Connections.
> 
> I have reservations about the steps above, will it really be as secure as
> a C application doing the same thing (ie becoming a daemon) or can JVM
> be hiding something, which I am unable to pick up!
> I have already Implemented the same.

*Update*
--------
When JVM Loads the Pop Server for execution it 'forks' 4 processes,
one to handle the program itself and the other 3 to perform its 
internal book-keeping (I think). Now within the Server, I am calling
setuid() to change EUIDS so that I can continue running as nobody 
after having 'bound' myself to the System Socket, since my Server
had been 'forked' by JVM the change in EUID is confined to the Server 
only (obviously). The other 'processes' forked are still holding root 
privileges (which precisely is the itch).  

I did a 'netstat' for the Port I was listening on and verified that the
Process listening on the particular port had indeed changed EUIDS and
lost its root privileges. However when I used 'fuser' for the same tcp 
port I got the 4 processes of which 3 are root and one was nobody.

Now I have serious reservations of the Server I am trying to Write.
Would anybody know how I can get ALL the processes to drop their root
privileges? This is really showing my 'greenness' in terms of writing
a secure Java app for Linux.

Thank you for your time and Patience .. Sorry I did not bring this
up earlier, I could not have possibly known.

> I have a few more questions, I hope you will take some time off to clear
> them >>
> 
> > I think that you can do almost all or all in Java, without native code.
> 
> Now I am really Interested :)
> 
> > -First if you start the server from the SysV scripts you can simply use
> > nohup(see man nohup) so you won't be associated with the terminal.
> 
> > -I don't know any way of changing EUIDs of the JavaVM/separate thread in
> > runtime, but you can write your own SecurityManager (see the API
> > spec./Tutorial for info & examples).  IMHO this is very flexible. This will
> 
> Could you please elaborate I am afraid I am not very clear about how
> exactly you visualize this Implementation.
> 
> > solve the problem with standard file descriptors too.
> Are you talking about closing the Standard file descriptor for IO ?
> 
> > -The problem with memory leaks is more difficult. I'm not conserced with the
> > state of the current JDK - I don't know if or/and where it leaks. But if you
> > mean leaks in your code maybe you could just have the critical memory collected
> > by the GC. I mean remove the critical object(s)/thread(s) and instance new
> > one(s).
> 
> I was worried about the entire JVM but I guess I will put this issue on
> the backburner for a while, I'll let the script wait on the Pop Server
> and then have the Server serve n connections & exit itself, the script
> can then restart it.
> 
> Thank you for the feedback ...
> 
> >
> > Hope that helps.
> >
> > Yavor
> 
> ----------------------------------------------------------------------
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
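
One way to check the concern raised in the update above, that only one of the JVM's processes gave up root. This C code is an added example, not code from the post, and its function names are made up here. It reads the `Uid:` line of `/proc/<pid>/task/<tid>/status` for every thread of a process and counts those where any of the real, effective, saved or filesystem UIDs is still 0; it assumes a Linux kernel that exposes `/proc/<pid>/task`.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if the "Uid:" line of a /proc status text shows a real, effective,
 * saved or filesystem UID of 0, 0 if none is 0, -1 if no usable line is found. */
int status_has_root_uid(const char *status)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "Uid:", 4) == 0) {          /* matched at start of a line */
            unsigned r, e, s, f;
            if (sscanf(p + 4, "%u %u %u %u", &r, &e, &s, &f) != 4) return -1;
            return r == 0 || e == 0 || s == 0 || f == 0;
        }
        p = strchr(p, '\n');                       /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* Counts threads of `pid` that still hold a root UID; returns -1 on error. */
int count_root_threads(int pid)
{
    char dir[64], file[384], buf[4096];
    snprintf(dir, sizeof dir, "/proc/%d/task", pid);
    DIR *d = opendir(dir);
    if (!d) return -1;
    int n = 0;
    for (struct dirent *ent; (ent = readdir(d)) != NULL; ) {
        if (ent->d_name[0] == '.') continue;       /* skip "." and ".." */
        snprintf(file, sizeof file, "%s/%s/status", dir, ent->d_name);
        FILE *fp = fopen(file, "r");
        if (!fp) continue;                         /* thread exited meanwhile */
        size_t len = fread(buf, 1, sizeof buf - 1, fp);
        buf[len] = '\0';
        fclose(fp);
        if (status_has_root_uid(buf) != 0) n++;    /* unparsable counts as suspect */
    }
    closedir(d);
    return n;
}

int main(void)
{
    int n = count_root_threads((int)getpid());
    printf("threads still holding a root UID: %d\n", n);
    return n == 0 ? 0 : 1;
}
```

The saved UID is checked as well because a process that lowered only its effective UID can switch back to root.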

