geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark <delafran_j...@hotmail.com>
Subject Re: GBean Last Startup
Date Wed, 27 Apr 2005 16:29:39 GMT
sissonj@insession.com wrote:

> Would you do the switching via JNI?

Yes, thats what we have done. I was looking at porting this to a GBean 
that would be run from Geronimo. Another item on my "to figure out" list 
is how Geronimo handles native libraries? The lib directory will handle 
jar files, but is this directory added to the library path?

>
> How would you handle the situation where Tomcat needs to be stopped 
> and restarted for some reason... stopping those GBeans that bind to 
> ports lower than 1024 and restarting them whilst other parts of 
> Geronimo remain running. Wouldn't that involve increasing the 
> privileges for the whole JVM whilst the GBeans bind to their ports, 
> therefore there would be a window that could be exploited where the 
> process has extra privileges?

Yes it would. I don't think there is a way to work around this in 
Geronimo. In my case, the process needs to be restarted and has been an 
acceptable limition - since we haven't received any negative feedback 
from our customers .. :-)

>
> Would a safer (but slower) alternative be to run Geronimo under root 
> under a Java security manager with the Java security policy setting 
> allowed ports, files etc?

A java security policy could potentially work, but this is a 
configuration that we are not interested in maintaining. However, in 
Geronimo this may be the only option.

>
> There is an interesting discussion of alternative options in this mail 
> thread:
>
> http://www.networksecurityarchive.org/html/Focus-Sun/2004-09/msg00010.html 
>
> http://www.networksecurityarchive.org/html/Focus-Sun/2004-09/msg00014.html 
>

Currently, the only way to have Geronimo startup and use port 80 (as an 
example) under Solaris 9 or under is to run the java process as root. 
This most certainly will be an issue for certain enterprise users.

Thanks
Mark

>
> John
>
> This e-mail message and any attachments may contain confidential, 
> proprietary or non-public information. This information is intended 
> solely for the designated recipient(s). If an addressing or 
> transmission error has misdirected this e-mail, please notify the 
> sender immediately and destroy this e-mail. Any review, dissemination, 
> use or reliance upon this information by unintended recipients is 
> prohibited. Any opinions expressed in this e-mail are those of the 
> author personally.
>
> Mark <delafran_j2ee@hotmail.com> wrote on 27/04/2005 01:16:16 PM:
>
> > Hi all,
> >
> > I have a need to start Geronimo as the root user under Solaris and then
> > once it’s started switch the effective user of the process to a user
> > with fewer privileges. Part of the requirement is to allow Geronimo to
> > startup using ports lower than 1024. Once all the server sockets have
> > been created the process user can be switched.
> >
> > Does the Geronimo kernel have the ability to load a GBean last? I am
> > thinking that I could create a GBean to perform the user switch. If 
> this
> > GBean was started last, then I would know that Tomcat, Jetty, OpenEJB
> > and other server services would have already initialized their server
> > sockets.
> >
> > Alternatively, I could create a GBean that has a collection or 
> reference
> > to other network service GBeans. Once I get this reference, I know the
> > kernel has loaded the GBeans, but I may not know their status (started,
> > stopped or waiting). I’ve noticed that in GBeanInstance, there is a
> > magic attribute to get a GBeans state.
> >
> > Sound possible or am I way off here?
> >
> > Thanks
> > Mark
> >
> >



Mime
View raw message