Re: Writing A Java Pop Server for Linux
Hi Yavor and everybody else, Thank you for the detailed replies. Everybody advises writing a script to run the Pop Server, in more detail -> using SysV Script , nohup to dissasociate from the terminal. So heres the framework for the Java Code 1> Bind to the Pop Socket 2> Release Root Priveleges using JNI 3> Begin accepting Client Connections. I have reservations about the steps above , will it really be as secure as a C application doing the same thing (ie becoming a daemon) or can JVM be hiding something, which I am unable to pick up ! I have already Implemented the same. I have a few more questions, I hope you will take some time off to clear them >> > I think that yau can do almost all or all in Java, without native code. Now I am really Interested :) > -First if you start the server from the SysV scripts you can simply use > nohup(see man nohup) so you won't be associated with the terminal. > -I don't know any way of changing EUIDs of the JavaVM/separate thread in > runtime, but you you can write your won SecurityManager( see the API > spec./Tutorial for info & examples). IMHO this is very flexible. This will Could you please elaborate I am afraid I am not very clear about how exactly you visualize this Implementation. > solve the problem with standard file descriptors too. Are you talking about closing the Standard file descriptor for IO ? > -The problem with memory leaks is more difficult. I'm not conserced with the > state of the current JDK - I don't now if or/and where it leaks. But if you > mean leaks in your code maybe you could just have the critical memory collected > by the GC. I mean remove the critical object(s)/thread(s) and instance new > one(s). I was worried about the entire JVM but I guess I will put this issue on the backburner for a while, I'll let the script wait on the POp Server and then have the Server serve n connections & exit itself, the script can then restart it. Thank you for the feedback ... > > Hope that helps. > > Yavor -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Writing A Java Pop Server for Linux
Hi all, In my earlier post I wrote >> > 1> Bind to the System Port I want to listen on > 2> Release Root Priveleges using JNI > 3> Begin accepting Client Connections. > > I have reservations about the steps above , will it really be as secure > as > a C application doing the same thing (ie becoming a daemon) or can JVM > be hiding something, which I am unable to pick up ! > I have already Implemented the same. *Update* When JVM Loads the Pop Server for execution it 'forks' 4 processes, one to handle the program itself and the other 3 to perform its internal book-keeping (I think), Now within the Server, I am calling setuid() to change EUIDS so that I can continue running as nobody after having 'bound' myself to the System Socket, since my Server had been 'forked' by JVM the change in EUID is confined to the Server only (obviously). The other 'processes' forked are still holding root privileges (which precisely is the itch). I did a 'netstat' for the Port I was listening on and verified that the Process listening on the particular port had indeed changed EUIDS and lost its root privileges. However when I used 'fuser' for the same tcp port I got the 4 processes of which 3 are root and one was nobody. Now I have serious reservations of the Server I am trying to Write. Would anybody know how I can get ALL the processes to drop their root priveleges ? This is really showing my 'greenness' in terms of writing a secure Java app for Linux. Thank you for your time and Patience .. Sorry I did not bring this up earlier, I could not have possibly known. > I have a few more questions, I hope you will take some time off to clear > them >> > > > I think that yau can do almost all or all in Java, without native code. > > Now I am really Interested :) > > > -First if you start the server from the SysV scripts you can simply use > > nohup(see man nohup) so you won't be associated with the terminal. > > > -I don't know any way of changing EUIDs of the JavaVM/separate thread in > > runtime, but you you can write your won SecurityManager( see the API > > spec./Tutorial for info & examples). IMHO this is very flexible. This will > > Could you please elaborate I am afraid I am not very clear about how > exactly you visualize this Implementation. > > > solve the problem with standard file descriptors too. > Are you talking about closing the Standard file descriptor for IO ? > > > -The problem with memory leaks is more difficult. I'm not conserced with the > > state of the current JDK - I don't now if or/and where it leaks. But if you > > mean leaks in your code maybe you could just have the critical memory collected > > by the GC. I mean remove the critical object(s)/thread(s) and instance new > > one(s). > > I was worried about the entire JVM but I guess I will put this issue on > the backburner for a while, I'll let the script wait on the POp Server > and then > have the Server serve n connections & exit itself, the script can then > restart it. > > Thank you for the feedback ... > > > > > Hope that helps. > > > > Yavor > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Writing A Java Pop Server for Linux
On Wed, Sep 13, 2000 at 05:55:58PM +0530, Santosh Dawara wrote: > Hi all, > > In my earlier post I wrote >> > > > 1> Bind to the System Port I want to listen on > > 2> Release Root Priveleges using JNI > > 3> Begin accepting Client Connections. > > > > I have reservations about the steps above , will it really be as secure > > as > > a C application doing the same thing (ie becoming a daemon) or can JVM > > be hiding something, which I am unable to pick up ! > > I have already Implemented the same. > > *Update* > > When JVM Loads the Pop Server for execution it 'forks' 4 processes, You use 'forks' in quotes. Are they processes or threads? How were they created? Nathan > one to handle the program itself and the other 3 to perform its > internal book-keeping (I think), Now within the Server, I am calling > setuid() to change EUIDS so that I can continue running as nobody > after having 'bound' myself to the System Socket, since my Server > had been 'forked' by JVM the change in EUID is confined to the Server > only (obviously). The other 'processes' forked are still holding root > privileges (which precisely is the itch). > > I did a 'netstat' for the Port I was listening on and verified that the > Process listening on the particular port had indeed changed EUIDS and > lost its root privileges. However when I used 'fuser' for the same tcp > port I got the 4 processes of which 3 are root and one was nobody. > > Now I have serious reservations of the Server I am trying to Write. > Would anybody know how I can get ALL the processes to drop their root > priveleges ? This is really showing my 'greenness' in terms of writing > a secure Java app for Linux. > > Thank you for your time and Patience .. Sorry I did not bring this > up earlier, I could not have possibly known. > > > I have a few more questions, I hope you will take some time off to clear > > them >> > > > > > I think that yau can do almost all or all in Java, without native code. > > > > Now I am really Interested :) > > > > > -First if you start the server from the SysV scripts you can simply use > > > nohup(see man nohup) so you won't be associated with the terminal. > > > > > -I don't know any way of changing EUIDs of the JavaVM/separate thread in > > > runtime, but you you can write your won SecurityManager( see the API > > > spec./Tutorial for info & examples). IMHO this is very flexible. This will > > > > Could you please elaborate I am afraid I am not very clear about how > > exactly you visualize this Implementation. > > > > > solve the problem with standard file descriptors too. > > Are you talking about closing the Standard file descriptor for IO ? > > > > > -The problem with memory leaks is more difficult. I'm not conserced with the > > > state of the current JDK - I don't now if or/and where it leaks. But if you > > > mean leaks in your code maybe you could just have the critical memory collected > > > by the GC. I mean remove the critical object(s)/thread(s) and instance new > > > one(s). > > > > I was worried about the entire JVM but I guess I will put this issue on > > the backburner for a while, I'll let the script wait on the POp Server > > and then > > have the Server serve n connections & exit itself, the script can then > > restart it. > > > > Thank you for the feedback ... > > > > > > > > Hope that helps. > > > > > > Yavor > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Writing A Java Pop Server for Linux
> I was worried about the entire JVM but I guess I will put this issue on > the backburner for a while, I'll let the script wait on the POp Server > and then > have the Server serve n connections & exit itself, the script can then > restart it. Why are you concerned with memory leaks at all? Since you can run a huge application such as Enhydra (www.enhydra.org), to name one example, without memory leaks - why should it be a problem with a POP server? -- / Peter Schuller, InfiDyne Technologies HB PGP userID: 0x5584BD98 or 'Peter Schuller <[EMAIL PROTECTED]>' Key retrival: Send an E-Mail to [EMAIL PROTECTED] E-Mail: [EMAIL PROTECTED] Web: http://scode.infidyne.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Pablo Trujillo
I need information about CVS - Click here for Free Video!! http://www.gohip.com/free_video/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Pablo Trujillo
Pablo Trujillo wrote: > > I need information about CVS http://www.cvshome.org/ -- Joi EllisSoftware Engineer Aravox Technologies [EMAIL PROTECTED], [EMAIL PROTECTED] No matter what we think of Linux versus FreeBSD, etc., the one thing I really like about Linux is that it has Microsoft worried. Anything that kicks a monopoly in the pants has got to be good for something. - Chris Johnson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Web Services Toolkit w/ Linux and Websphere support
- IBM's Rod Smith explains Web Services and UDDI IBM announces UDDI and Web services, the next-generation architecture for e-business. Take a look at an interview with Rod Smith the Vice President of Emerging Technology, Software Group, IBM. He gives a brief overview of the Web Services architecture and an in-depth discussion of what it means to you.. Rod states, quite confidently, that "we absolutely believe this is bigger than Java and XML". You can also download the Web Services Toolkit Version 1.1 and try it yourself. Here is Rod's Interview: http://www-4.ibm.com/software/developer/library/w-int.html?open&l=258,t=gr,p=rdsmint Here is the Toolkit download with Websphere and Linux: http://www.alphaworks.ibm.com/tech/webservicestoolkit?open&l=jlbd,t=gr,p=wstkit - Ariba, Microsoft, Sun and IBM announce new standard for B2B electronic commerce Thirty-six technology companies, led by Ariba Inc., IBM Corp., Sun, and Microsoft Corp., have joined to create a global Internet standard designed to accelerate e-commerce.UDDI and Web services, the next-generation architecture for e-business. Here is the article: http://www-4.ibm.com/software/developer/library/w-uddi.html?open&l=258,t=gr,p=webserv -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
"Bigger than Java and XML"
- IBM's Rod Smith explains Web Services and UDDI IBM announces UDDI and Web services, the next-generation architecture for e-business. Take a look at an interview with Rod Smith the Vice President of Emerging Technology, Software Group, IBM. He gives a brief overview of the Web Services architecture and an in-depth discussion of what it means to you.. Rod states, quite confidently, that "we absolutely believe this is bigger than Java and XML". You can also download the Web Services Toolkit Version 1.1 and try it yourself. Here is Rod's Interview: http://www-4.ibm.com/software/developer/library/w-int.html?open&l=317,t=gr,p=rdsmint Here is the Toolkit download: http://www.alphaworks.ibm.com/tech/webservicestoolkit?open&l=xm4jlst,t=gr,p=wstkit - Ariba, Microsoft, Sun and IBM announce new standard for B2B electronic commerce Thirty-six technology companies, led by Ariba Inc., IBM Corp., Sun, and Microsoft Corp., have joined to create a global Internet standard designed to accelerate e-commerce.UDDI and Web services, the next-generation architecture for e-business. Here is the article: http://www-4.ibm.com/software/developer/library/w-uddi.html?open&l=317,t=gr,p=webserv -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
where to find jdk1.2 for unix?
¡CRPDDzf¢Ú#jö¥{±ê®zËcjö§$v'¢¸0ØZ²æãyËh~éì¹»
®&ÞNº.nW¢{ZrÙ®VåiÉ
£ è®
Re: Writing A Java Pop Server for Linux
Nathan Meyers wrote: > > You use 'forks' in quotes. Are they processes or threads? How were > they created? Proper Linux Processes, If you said "java Helloworld" for the simplest of code , 'ps uax ' will tell you 4 new Processes were Spawned , I am guessing they are for the JVMs Internal book keeping and for executing the code > Nathan > > > one to handle the program itself and the other 3 to perform its > > internal book-keeping (I think), Now within the Server, I am calling > > setuid() to change EUIDS so that I can continue running as nobody > > after having 'bound' myself to the System Socket, since my Server > > had been 'forked' by JVM the change in EUID is confined to the Server > > only (obviously). The other 'processes' forked are still holding root > > privileges (which precisely is the itch). > > > > I did a 'netstat' for the Port I was listening on and verified that the > > Process listening on the particular port had indeed changed EUIDS and > > lost its root privileges. However when I used 'fuser' for the same tcp > > port I got the 4 processes of which 3 are root and one was nobody. > > > > Now I have serious reservations of the Server I am trying to Write. > > Would anybody know how I can get ALL the processes to drop their root > > priveleges ? This is really showing my 'greenness' in terms of writing > > a secure Java app for Linux. > > > > Thank you for your time and Patience .. Sorry I did not bring this > > up earlier, I could not have possibly known. > > > > > I have a few more questions, I hope you will take some time off to clear > > > them >> > > > > > > > I think that yau can do almost all or all in Java, without native code. > > > > > > Now I am really Interested :) > > > > > > > -First if you start the server from the SysV scripts you can simply use > > > > nohup(see man nohup) so you won't be associated with the terminal. > > > > > > > -I don't know any way of changing EUIDs of the JavaVM/separate thread in > > > > runtime, but you you can write your won SecurityManager( see the API > > > > spec./Tutorial for info & examples). IMHO this is very flexible. This will > > > > > > Could you please elaborate I am afraid I am not very clear about how > > > exactly you visualize this Implementation. > > > > > > > solve the problem with standard file descriptors too. > > > Are you talking about closing the Standard file descriptor for IO ? > > > > > > > -The problem with memory leaks is more difficult. I'm not conserced with the > > > > state of the current JDK - I don't now if or/and where it leaks. But if you > > > > mean leaks in your code maybe you could just have the critical memory collected > > > > by the GC. I mean remove the critical object(s)/thread(s) and instance new > > > > one(s). > > > > > > I was worried about the entire JVM but I guess I will put this issue on > > > the backburner for a while, I'll let the script wait on the POp Server > > > and then > > > have the Server serve n connections & exit itself, the script can then > > > restart it. > > > > > > Thank you for the feedback ... > > > > > > > > > > > Hope that helps. > > > > > > > > Yavor > > > > > > -- > > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
where to find jdk1.2 for unix?
> I only find jdk for linux,windows and solaris, but no for unix.
> If you know, please give me it's detail address.
>
> Thanks!
>
èPÔ
¨¥¶Ú½©bìkz«²ØÚ½¦åiÉ
£è®
"¶¬¹¸ÞrÚ º{.nÇ+·®à¨Ö¶F«¹ZrGhÂz+
