commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Clay <pil...@yahoo.com>
Subject Re: [daemon] compile for use with redhat and debian
Date Thu, 05 Jan 2012 19:25:11 GMT
Thanks for the quick reply.

I'll create a jira issue for this so it is properly tracked.  I'll look into submitting a
patch.  My C is a little rusty, but it'll probably come back.

If it is easy to explain, could you give a quick summary of why not using libcap is less secure? 
i.e. what is not restricted, or what type of attack would be possible.



----- Original Message -----
From: Mladen Turk <mturk@apache.org>
To: Commons Users List <user@commons.apache.org>
Cc: 
Sent: Thursday, January 5, 2012 1:50 PM
Subject: Re: [daemon] compile for use with redhat and debian

On 01/05/2012 05:48 PM, Phil Clay wrote:
>
> 1) Is it possible to create a single jsvc binary (that uses libcap), that works if either
libcap.so.1 or libcap.so.2 is available at runtime?
>

In theory yes by using the dlopen("libcap.so") and then dlsym all API's instead linking.
It is on my TODO list, but if you are in a hurry, feel free to provide a patch.
It'll get into the release faster :)

>
> 2) I have experimented with disabling libcap when compiling jsvc. This allows jsvc to
run on both platforms.  What are the implications of this?  Does this result in a "less
secure" binary?  Note that I am using the -user flag to drop the daemon process to a non-root
user at runtime.
>

Yep less secure.


Regards
-- 
^TM

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org


Mime
View raw message