On Fri, 22 Feb 2002, Pier Fumagalli wrote: > >>> wheel ? The daemon requires using an init()-like method and a certain > >>> architecture - which the other solution doesn't. > >> > >> ? > >> I wonder what prevents you from having an empty init method, and then doing > >> whatever JNI calls you want suring start. > > > > Nothing - that's what I'm saying, both are good solutions and we > > shouldn't exclude one because the other does the same thing. > > That's whay _you_ say... I don't think they are _both_ good solutions... One > is nice, the other sucks (calling setuid() from Java is the sucky one)...
All other people developing servers seem to say the same thing as I do. And what sucks ( IMHO ) is the attitude 'my solution is perfect, all other suck, so my solution should be used exclusively' ( sort of what the IOC fanatics keep saying ) And that for something that has obvious limitations and doesn't provide too much extra security. The only thing that protects you is the sandbox, and most people are not using it. Without sandbox anyone hacking in a webapp can change server.xml, place code in common/, add a dummy connector with an init() doing 'rm -rf /' and restart the server. Not to mention the limitations in flexibility ( can you set the user in server.xml ? ). Forcing people to design their application in a certain way ( can it support 'trusted apps' acting as connectors ? ). Or start the server only through the daemon ( what if I want to use the wrapper, which today has a far better implementation ? ). The idea of changing the uid in a 'starter' program is not new - inetd is doing that for ages. Except that it also aquires the priviledged port and pass it to the app during the exec, it doesn't call any application code as root. And again all applications must be designed to support 'intetd' mode. I'm not saying it shouldn't be used - or that it sucks. It may have some uses. Even tought I can't find any - as long as you do execute init() as root, you get no security at all ( maybe an illusion ), and you replace a clean JNI ( java calling C is something reasonably easy ) with invocation API ( c->java), which is extremely tricky ( you must set LD_LIBRARY_PATH on certain systems/OSes, be very carefull with the signals, etc ). Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
