Would you do the switching via JNI?

How would you handle the situation where Tomcat needs to be stopped and
restarted for some reason... stopping those GBeans that bind to ports
lower than 1024 and restarting them whilst other parts of Geronimo remain
running. Wouldn't that involve increasing the privileges for the whole
JVM whilst the GBeans bind to their ports, therefore there would be a
window that could be exploited where the process has extra privileges?

Would a safer (but slower) alternative be to run Geronimo under root under
a Java security manager with the Java security policy setting allowed
ports, files etc?

There is an interesting discussion of alternative options in this mail
thread:
http://www.networksecurityarchive.org/html/Focus-Sun/2004-09/msg00010.html
http://www.networksecurityarchive.org/html/Focus-Sun/2004-09/msg00014.html

John
Mark <delafran_j2ee@hotmail.com> wrote on 27/04/2005 01:16:16 PM:
> Hi all,
>
> I have a need to start Geronimo as the root user under Solaris and then
> once it's started switch the effective user of the process to a user
> with fewer privileges. Part of the requirement is to allow Geronimo to
> startup using ports lower than 1024. Once all the server sockets have
> been created the process user can be switched.
>
> Does the Geronimo kernel have the ability to load a GBean last? I am
> thinking that I could create a GBean to perform the user switch. If this
> GBean was started last, then I would know that Tomcat, Jetty, OpenEJB
> and other server services would have already initialized their server
> sockets.
>
> Alternatively, I could create a GBean that has a collection or reference
> to other network service GBeans. Once I get this reference, I know the
> kernel has loaded the GBeans, but I may not know their status (started,
> stopped or waiting). I've noticed that in GBeanInstance, there is a
> magic attribute to get a GBean's state.
>
> Sound possible or am I way off here?
>
> Thanks
> Mark
>
>
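The start-as-root, bind, then switch-user sequence discussed in this thread, as an added C example of what a native routine called through JNI could do (not code from Geronimo or from either poster). The names `bind_listener` and `drop_privileges` and the uid/gid 65534 are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NOT_ROOT = 1, DROP_FAILED = -1 };

/* Bind and listen on a loopback TCP port; ports below 1024 normally need root. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Call once, after every privileged listener is bound. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return DROP_NOT_ROOT;      /* nothing to drop */
    if (uid == 0 || gid == 0) return DROP_FAILED;  /* refuse a root target */
    /* Order matters: groups and gid need root, so the uid goes last. */
    if (setgroups(0, NULL) != 0) return DROP_FAILED;
    if (setgid(gid) != 0) return DROP_FAILED;
    if (setuid(uid) != 0) return DROP_FAILED;
    /* As root, setuid() also replaces the saved uid; prove root is gone. */
    if (getuid() != uid || geteuid() != uid || getegid() != gid) return DROP_FAILED;
    if (setuid(0) == 0 || seteuid(0) == 0) return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    int fd = bind_listener(80);                 /* constructed example port */
    int rc = drop_privileges(65534, 65534);     /* assumed unprivileged ids */
    printf("listener fd=%d drop=%d euid=%d\n", fd, rc, (int)geteuid());
    return rc == DROP_FAILED;
}
```

Because the drop replaces the real, effective and saved IDs, a connector restarted later cannot rebind a port below 1024 from the same process, which is the trade-off behind the restart question raised in the reply.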