Remy Maucherat wrote: > > > "Patrick Luby" <[EMAIL PROTECTED]> wrote: > > > > > Remy, > > > > > > This is great news! > > > > > > I scanned through the Unix code and noticed that it uses the chmod'ing > > > executables with setuid bits instead of performing a JNI call to the > setuid() > > > and seteuid() C functions before and after binding of a ServerSocket > (i.e. the > > > place you should need root access if you are binding to ports 1 through > 1024). > > > This type of approach eliminates the need for a controller and slave > process. > > > > Then it's not my code... My code was written using setuid() and > seteuid()... > > Actually, the copy I have here also supports CHROOTING of the whole JVM > > process, and real/effective group switching (as we say in Italy, "'na > botte > > de fero"). > > There weren't 10 different copies of that code. Just one in j-t-s ;-) > Obviously, I couldn't have written it myself.
That Pier's code (in jakarta-commons-sandbox/daemon/src/native/unix/native). Where is the chmod()? The idea of making setuid() and setgid() from the JVM is also possible - I will try it - > > Anyway, improvements are always welcome :) > > Remy > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
