On Wed, Sep 13, 2000 at 05:55:58PM +0530, Santosh Dawara wrote:
> Hi all,
> 
> In my earlier post I wrote >>
> 
> > 1> Bind to the System Port I want to listen on
> > 2> Release Root Privileges using JNI
> > 3> Begin accepting Client Connections.
> > 
> > I have reservations about the steps above, will it really be as secure
> > as a C application doing the same thing (i.e. becoming a daemon) or can JVM
> > be hiding something, which I am unable to pick up!
> > I have already implemented the same.
> 
> *Update*
> --------
> When JVM Loads the Pop Server for execution it 'forks' 4 processes,

You use 'forks' in quotes. Are they processes or threads? How were
they created?

Nathan

> one to handle the program itself and the other 3 to perform its 
> internal book-keeping (I think), Now within the Server, I am calling
> setuid() to change EUIDS so that I can continue running as nobody 
> after having 'bound' myself to the System Socket, since my Server
> had been 'forked' by JVM the change in EUID is confined to the Server 
> only (obviously). The other 'processes' forked are still holding root 
> privileges (which precisely is the itch).  
> 
> I did a 'netstat' for the Port I was listening on and verified that the
> Process listening on the particular port had indeed changed EUIDS and
> lost its root privileges. However when I used 'fuser' for the same tcp 
> port I got the 4 processes of which 3 are root and one was nobody.
> 
> Now I have serious reservations of the Server I am trying to Write.
> Would anybody know how I can get ALL the processes to drop their root
> privileges? This is really showing my 'greenness' in terms of writing
> a secure Java app for Linux.
> 
> Thank you for your time and Patience .. Sorry I did not bring this
> up earlier, I could not have possibly known.
> 
> > I have a few more questions, I hope you will take some time off to clear
> > them >>
> > 
> > > I think that you can do almost all or all in Java, without native code.
> > 
> > Now I am really Interested :)
> > 
> > > -First if you start the server from the SysV scripts you can simply use
> > > nohup(see man nohup) so you won't be associated with the terminal.
> > 
> > > -I don't know any way of changing EUIDs of the JavaVM/separate thread in
> > > runtime, but you can write your own SecurityManager (see the API
> > > spec./Tutorial for info & examples).  IMHO this is very flexible. This will
> > 
> > Could you please elaborate I am afraid I am not very clear about how
> > exactly you visualize this Implementation.
> > 
> > > solve the problem with standard file descriptors too.
> > Are you talking about closing the Standard file descriptor for IO ?
> > 
> > > -The problem with memory leaks is more difficult. I'm not conserced with the
> > > state of the current JDK - I don't know if or/and where it leaks. But if you
> > > mean leaks in your code maybe you could just have the critical memory collected
> > > by the GC. I mean remove the critical object(s)/thread(s) and instance new
> > > one(s).
> > 
> > I was worried about the entire JVM but I guess I will put this issue on
> > the backburner for a while, I'll let the script wait on the Pop Server
> > and then have the Server serve n connections & exit itself, the script
> > can then restart it.
> > 
> > Thank you for the feedback ...
> > 
> > >
> > > Hope that helps.
> > >
> > > Yavor
> > 
> > ----------------------------------------------------------------------
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
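
The check done above with netstat and fuser can also be run from inside the server right after the privilege drop. The following is an added example, not code from any poster in this thread: it reads the `Uid:` line of every thread under `/proc/self/task` and counts those that still hold UID 0 in the real, effective, saved or filesystem slot. It assumes Linux with /proc mounted; the function names are hypothetical.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if the "Uid:" line of a /proc status text shows UID 0 in any of
 * the real, effective, saved or filesystem slots, 0 if none, -1 if the
 * line is missing or malformed. */
int status_has_root_uid(const char *status)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "Uid:", 4) == 0) {
            unsigned r, e, s, f;
            if (sscanf(p + 4, "%u %u %u %u", &r, &e, &s, &f) != 4)
                return -1;
            return (r == 0 || e == 0 || s == 0 || f == 0);
        }
        p = strchr(p, '\n');          /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* Count threads of this process that are not verified as non-root.
 * Unreadable or unparsable entries count as failures (fail closed).
 * Returns -1 if /proc/self/task cannot be opened. */
int count_root_threads(void)
{
    DIR *d = opendir("/proc/self/task");
    struct dirent *ent;
    int bad = 0;
    if (!d) return -1;
    while ((ent = readdir(d)) != NULL) {
        char path[300], buf[4096];
        FILE *fp;
        size_t n;
        if (ent->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "/proc/self/task/%s/status", ent->d_name);
        if (!(fp = fopen(path, "r"))) { bad++; continue; }
        n = fread(buf, 1, sizeof buf - 1, fp);
        buf[n] = '\0';
        fclose(fp);
        if (status_has_root_uid(buf) != 0) bad++;
    }
    closedir(d);
    return bad;
}

int main(void)
{
    int bad = count_root_threads();
    printf("threads not verified as non-root: %d\n", bad);
    return bad == 0 ? 0 : 1;
}
```

A server would call `count_root_threads()` after its setuid() step and before accepting connections, and refuse to start serving unless it returns 0.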

