Pier Fumagalli wrote: > > "jean-frederic clere" <[EMAIL PROTECTED]> wrote: > > > Remy Maucherat wrote: > >> > >>> "Patrick Luby" <[EMAIL PROTECTED]> wrote: > >>> > >>>> Remy, > >>>> > >>>> This is great news! > >>>> > >>>> I scanned through the Unix code and noticed that it uses the chmod'ing > >>>> executables with setuid bits instead of performing a JNI call to the > >> setuid() > >>>> and seteuid() C functions before and after binding of a ServerSocket > >> (i.e. the > >>>> place you should need root access if you are binding to ports 1 through > >> 1024). > >>>> This type of approach eliminates the need for a controller and slave > >> process. > >>> > >>> Then it's not my code... My code was written using setuid() and > >> seteuid()... > >>> Actually, the copy I have here also supports CHROOTING of the whole JVM > >>> process, and real/effective group switching (as we say in Italy, "'na > >> botte > >>> de fero"). > >> > >> There weren't 10 different copies of that code. Just one in j-t-s ;-) > >> Obviously, I couldn't have written it myself. > > > > That Pier's code (in jakarta-commons-sandbox/daemon/src/native/unix/native). > > Where is the chmod()? > > The idea of making setuid() and setgid() from the JVM is also possible - I > > will > > try it - > > There are way-too-many copies in way-too-many places (three found so far on > CVS... Shaitz!)... Bah, my fault!!$!^@$(U#!@$%*(@&#$%!)*&%!
Creative Chaos! > > Pier > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
