Return-Path: X-Original-To: apmail-commons-user-archive@www.apache.org Delivered-To: apmail-commons-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3BECA9033 for ; Thu, 5 Jan 2012 19:25:45 +0000 (UTC) Received: (qmail 82282 invoked by uid 500); 5 Jan 2012 19:25:43 -0000 Delivered-To: apmail-commons-user-archive@commons.apache.org Received: (qmail 82199 invoked by uid 500); 5 Jan 2012 19:25:43 -0000 Mailing-List: contact user-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Commons Users List" Delivered-To: mailing list user@commons.apache.org Received: (qmail 82188 invoked by uid 99); 5 Jan 2012 19:25:42 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2012 19:25:42 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [98.139.91.224] (HELO nm23-vm0.bullet.mail.sp2.yahoo.com) (98.139.91.224) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 05 Jan 2012 19:25:33 +0000 Received: from [98.139.91.65] by nm23.bullet.mail.sp2.yahoo.com with NNFMP; 05 Jan 2012 19:25:12 -0000 Received: from [98.139.91.25] by tm5.bullet.mail.sp2.yahoo.com with NNFMP; 05 Jan 2012 19:25:12 -0000 Received: from [127.0.0.1] by omp1025.mail.sp2.yahoo.com with NNFMP; 05 Jan 2012 19:25:12 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 482249.60064.bm@omp1025.mail.sp2.yahoo.com Received: (qmail 53146 invoked by uid 60001); 5 Jan 2012 19:25:12 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1325791511; bh=6rpWubFLN2GbGpYzOSTHiVYmpqok4SuQKy8bAzGsvrM=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=YRNpXY8EbN6I2d7KpgLfoRt4ypGOAcsL4tjo2LUtE+jBNLdEcoJeE6PndoLeA4PJZPjf0dHUt918U0xlo6+0lFFEt77xVtAmvOJ7YKKUKRgyKwlOpK/HGM69SNM9oTjAaRgpgKrNxugves732XBKklxvAhG3EmO+wffbKlRh/Hk= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=nIKFujzp4Cns6nTsFSfNW0tMqS7O5EHHU4Z9i6oRjTlVgJ9Acm/glkFK8gCkxS+PTkTQFxbRqMTWk4L/ewK9+/JXjgAoLyFlGftcZi7TPXWU/yie2Bzv6ZdFd4AEILzs8Sdw8RNfhROguc8SfdEjgEaf5u4IaczV5DnKxINuyBI=; X-YMail-OSG: 8VPqjAYVM1lmxarfd6qbkwc4H01Ft0mR85gvRqCauazlIuH TLxLDIHDzZLp1R4if7XliaLCjCh4_teJKY0QvJEe51kX2V2iJbNdjn64lIrT nyL5qDQClzj9ZvlUX27TBVbv_6_wp8Q6zPEelxbHIut3lXaryMKaj9wkLXwA wifFvM5l7pqEKQavhjAP5quyn0uIcnL9kGLYIKiLEFX7MDa7sgrT4JJ4vdoH sxUrmuS6yWz4hpdqp5G2YYpNQ9RG1jd8ELj0JHoa5T4rLsi9RfKx72VWgzkH QChUyYoHudwIephdDj5AE6TTazfAAmqtZb19hdDinheydXO6cSpiCWS0oFVD 9COQ238BjAP08YRQcHN1JcY2pf7pkPDWlbZAQtRJcUKX31fABJaNhcGWFuvH ehNFQWXH64mWbVXlO5LRO.AX_pw8HJadT6YHprIHhaKTu2fZtVo5HwP0GvZF wa94xhmcF4sMBMGTvdh5EqXMoDQo3f9XG9hTmK.t6Y7V7dT0u_j2k2.tS.bO pDOIEwCY_5g-- Received: from [216.240.30.23] by web164509.mail.gq1.yahoo.com via HTTP; Thu, 05 Jan 2012 11:25:11 PST X-Mailer: YahooMailWebService/0.8.115.331698 References: <1325782083.40507.YahooMailNeo@web164508.mail.gq1.yahoo.com> <4F05F0E5.6030100@apache.org> Message-ID: <1325791511.52898.YahooMailNeo@web164509.mail.gq1.yahoo.com> Date: Thu, 5 Jan 2012 11:25:11 -0800 (PST) From: Phil Clay Reply-To: Phil Clay Subject: Re: [daemon] compile for use with redhat and debian To: Commons Users List In-Reply-To: <4F05F0E5.6030100@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Thanks for the quick reply.=0A=0AI'll create a jira issue for this so it is= properly tracked.=A0 I'll look into submitting a patch.=A0 My C is a littl= e rusty, but it'll probably come back.=0A=0AIf it is easy to explain, could= you give a quick summary of why not using libcap is less secure?=A0 i.e. w= hat is not restricted, or what type of attack would be possible.=0A=0A=0A= =0A----- Original Message -----=0AFrom: Mladen Turk =0ATo= : Commons Users List =0ACc: =0ASent: Thursday, Jan= uary 5, 2012 1:50 PM=0ASubject: Re: [daemon] compile for use with redhat an= d debian=0A=0AOn 01/05/2012 05:48 PM, Phil Clay wrote:=0A>=0A> 1) Is it pos= sible to create a single jsvc binary (that uses libcap), that works if eith= er libcap.so.1 or libcap.so.2 is available at runtime?=0A>=0A=0AIn theory y= es by using the dlopen("libcap.so") and then dlsym all API's instead linkin= g.=0AIt is on my TODO list, but if you are in a hurry, feel free to provide= a patch.=0AIt'll get into the release faster :)=0A=0A>=0A> 2) I have exper= imented with disabling libcap when compiling jsvc. This allows jsvc to run = on both platforms.=A0 What are the implications of this?=A0 Does this resul= t in a "less secure" binary?=A0 Note that I am using the -user flag to drop= the daemon process to a non-root user at runtime.=0A>=0A=0AYep less secure= .=0A=0A=0ARegards=0A-- =0A^TM=0A=0A----------------------------------------= -----------------------------=0ATo unsubscribe, e-mail: user-unsubscribe@co= mmons.apache.org=0AFor additional commands, e-mail: user-help@commons.apach= e.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@commons.apache.org For additional commands, e-mail: user-help@commons.apache.org