Thanks for the quick reply. I'll create a jira issue for this so it is properly tracked. I'll look into submitting a patch. My C is a little rusty, but it'll probably come back.
If it is easy to explain, could you give a quick summary of why not using libcap is less secure? i.e. what is not restricted, or what type of attack would be possible. ----- Original Message ----- From: Mladen Turk <[email protected]> To: Commons Users List <[email protected]> Cc: Sent: Thursday, January 5, 2012 1:50 PM Subject: Re: [daemon] compile for use with redhat and debian On 01/05/2012 05:48 PM, Phil Clay wrote: > > 1) Is it possible to create a single jsvc binary (that uses libcap), that > works if either libcap.so.1 or libcap.so.2 is available at runtime? > In theory yes by using the dlopen("libcap.so") and then dlsym all API's instead linking. It is on my TODO list, but if you are in a hurry, feel free to provide a patch. It'll get into the release faster :) > > 2) I have experimented with disabling libcap when compiling jsvc. This allows > jsvc to run on both platforms. What are the implications of this? Does this > result in a "less secure" binary? Note that I am using the -user flag to > drop the daemon process to a non-root user at runtime. > Yep less secure. Regards -- ^TM --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
