"jean-frederic clere" <[EMAIL PROTECTED]> wrote:
> Remy Maucherat wrote:
>>
>>> "Patrick Luby" <[EMAIL PROTECTED]> wrote:
>>>
>>>> Remy,
>>>>
>>>> This is great news!
>>>>
>>>> I scanned through the Unix code and noticed that it uses the chmod'ing
>>>> executables with setuid bits instead of performing a JNI call to the
>> setuid()
>>>> and seteuid() C functions before and after binding of a ServerSocket
>> (i.e. the
>>>> place you should need root access if you are binding to ports 1 through
>> 1024).
>>>> This type of approach eliminates the need for a controller and slave
>> process.
>>>
>>> Then it's not my code... My code was written using setuid() and
>> seteuid()...
>>> Actually, the copy I have here also supports CHROOTING of the whole JVM
>>> process, and real/effective group switching (as we say in Italy, "'na
>> botte
>>> de fero").
>>
>> There weren't 10 different copies of that code. Just one in j-t-s ;-)
>> Obviously, I couldn't have written it myself.
>
> That Pier's code (in jakarta-commons-sandbox/daemon/src/native/unix/native).
> Where is the chmod()?
> The idea of making setuid() and setgid() from the JVM is also possible - I
> will
> try it -
There are way-too-many copies in way-too-many places (three found so far on
CVS... Shaitz!)... Bah, my fault!!$!^@$(U#!@$%*(@&#$%!)*&%!
Pier
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
