commons-dev mailing list archives

From jean-frederic clere <jfrederic.cl...@fujitsu-siemens.com>
Subject [daemon] Threads and setuid on Linux
Date Mon, 25 Feb 2002 11:42:41 GMT
Hi,

I have noticed a small problem when using the daemon on Linux.
The jsvc starts several threads while it is root, but the Linux setuid only
applies to the current thread, so the software ends up with various threads
belonging to root and others to nobody. :-(

I have tried to solve the problem by doing the setuid before loading the JVM
(java_init) but keeping some root capabilities until after the loading of the
service (java_load).

The idea is to do the following (only when using Linux):

setcapabilities via syscall
(CAP_NET_BIND_SERVICE+CAP_SETGID+CAP_SETUID+CAP_DAC_OVERRIDE+CAP_DAC_READ_SEARCH).
using prctl to be able to set them after the setuid/getid.
setuid and getid.
setcapabilities(CAP_NET_BIND_SERVICE+CAP_DAC_OVERRIDE+CAP_DAC_READ_SEARCH).
load JVM (java_init).
load the service (java_load).
setcapabilities to minimum (CAP_NET_BIND_SERVICE?).

Any comments?

Cheers

Jean-frederic
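
The sequence proposed in the message above, written out as an added C example; it is not code from jsvc or from the original post. The names `phase_caps`, `set_caps` and `become_user_keep_caps` are hypothetical, and it assumes a process started as root on a Linux kernel that accepts capability version 3.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

#define CAPBIT(c) ((uint32_t)1 << (c))  /* all capabilities used here are < 32 */

/* Hypothetical names: the capability mask for each phase in the message. */
enum phase { PH_BEFORE_SETUID, PH_LOADING, PH_RUNNING };
uint32_t phase_caps(enum phase p)
{
    uint32_t run  = CAPBIT(CAP_NET_BIND_SERVICE);
    uint32_t load = run | CAPBIT(CAP_DAC_OVERRIDE) | CAPBIT(CAP_DAC_READ_SEARCH);
    if (p == PH_RUNNING) return run;
    if (p == PH_LOADING) return load;
    return load | CAPBIT(CAP_SETGID) | CAPBIT(CAP_SETUID);
}

/* permitted = effective = mask, inheritable empty, calling thread only. */
int set_caps(uint32_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { mask, mask, 0 }, { 0, 0, 0 } };
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Run while still single-threaded, i.e. before java_init creates threads. */
int become_user_keep_caps(uid_t uid, gid_t gid)
{
    if (set_caps(phase_caps(PH_BEFORE_SETUID)) != 0) return -1;
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1; /* keep permitted set across setuid */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* setuid emptied the effective set: raise it again, without SETUID/SETGID. */
    return set_caps(phase_caps(PH_LOADING));
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s uid gid (as root)\n", argv[0]); return 2; }
    if (become_user_keep_caps((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2])) != 0) { perror("drop"); return 1; }
    /* java_init() and java_load() would run here. */
    if (set_caps(phase_caps(PH_RUNNING)) != 0) { perror("capset"); return 1; }
    return 0;
}
```

`capset` acts on the calling thread only, so threads created during the loading phase keep the `PH_LOADING` set unless they drop it themselves.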
