www-community mailing list archives

From James Duncan Davidson <dun...@x180.net>
Subject Re: WORA Considered Evil ;-)
Date Wed, 02 Jul 2003 15:21:15 GMT

On Wednesday, July 2, 2003, at 07:46 AM, Serge Knystautas wrote:

> Santiago Gala wrote:
>> I think a good equilibrium point between the "marketing" view of 
>> security (making sysadmins trust) and purist Java technical view would 
>> be to allow James not having to run as root under Unix (to handle 
>> protected ports like 25, 110, etc.) and then securing the rest of the 
>> processing through Java security declarations.
>
> Since people here know qmail and sendmail a lot better than I do... 
> how do they bind to those ports without running as root?

By changing their id after they launch as root. setuid. Pretty common 
thing to do. See man setuid. There's some source code floating around 
the net to compile a native library for Java that will do a setuid for 
you... We wrote it back in the Java Web Server days so that we could 
start up on port 80 and then bounce to nobody (or whatever user you 
wanted).

It's f'ing insane that it's not a "standard" thing in the platform. 
There's zillions of audio things in there but not a good setuid. Feh.


---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org

