"jean-frederic clere" <[EMAIL PROTECTED]> wrote: > Remy Maucherat wrote: >> >>> "Patrick Luby" <[EMAIL PROTECTED]> wrote: >>> >>>> Remy, >>>> >>>> This is great news! >>>> >>>> I scanned through the Unix code and noticed that it uses the chmod'ing >>>> executables with setuid bits instead of performing a JNI call to the >> setuid() >>>> and seteuid() C functions before and after binding of a ServerSocket >> (i.e. the >>>> place you should need root access if you are binding to ports 1 through >> 1024). >>>> This type of approach eliminates the need for a controller and slave >> process. >>> >>> Then it's not my code... My code was written using setuid() and >> seteuid()... >>> Actually, the copy I have here also supports CHROOTING of the whole JVM >>> process, and real/effective group switching (as we say in Italy, "'na >> botte >>> de fero"). >> >> There weren't 10 different copies of that code. Just one in j-t-s ;-) >> Obviously, I couldn't have written it myself. > > That Pier's code (in jakarta-commons-sandbox/daemon/src/native/unix/native). > Where is the chmod()? > The idea of making setuid() and setgid() from the JVM is also possible - I > will > try it -
There are way-too-many copies in way-too-many places (three found so far on CVS... Shaitz!)... Bah, my fault!!$!^@$(U#!@$%*(@&#$%!)*&%! Pier -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>