On Wednesday, July 2, 2003, at 07:46 AM, Serge Knystautas wrote:
Santiago Gala wrote:I think a good equilibrium point between the "marketing" view of security (making sysadms trust) and purist java technical view would be to allow James not having to run as root under Unix (to handle protected ports like 25, 110, etc.) and then securing the rest of the processing through java security declarations.
Since people here know qmail and sendmail a lot better than I do... how do they bind to those ports without running as root?
By changing their id after they launch as root. setuid. Pretty common thing to do. See man setuid. There's some source code floating around the net to compile a native library for Java that will do a setuid for you... We wrote it back in the Java Web Server days so that we could start up on port 80 and then bounce to nobody (or whatever user you wanted).
It's f'ing insane that it's not a "standard" thing in the platform. There's zillions of audio things in there but not a good setuid. Feh.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
