Costin, [EMAIL PROTECTED] wrote: > > How easy would it be if that was possible ? For both hackers and > developers :-)
If we keep this as a "public static void" method, these could be used by any codebase (as long as they pulled in the .jar and shared library files). > > Changing the uid to root is certainly impossible AFAIK ( at least on > unix, on NT everything is possible, but I hope not this one ). > Well, of course the process would have to be started as root and the setuid to a non-root user happens at the start of the process. Then, the JNI calls allow you to invoke setuid to switch back to the "saved uid" which is root (since that is the uid of the parent process). The only issue that think that may be problematic is multi-threading since all threads get switched back to root momemtarily. The reason I am proposing this tricky approach is that, at least in Tomcat 4.x, the ServerSocket binding is not all in one place in the code or, AFAIK, right at the beginning of main(). Hence, it looks like it will be impractical to do all of the socket binding and then setuid to the non-root user without moving a lot of code around. I will continue to look at this, however, because of the threading issue . > The other part is possible and I think it's a very good solution. My only worry here is how much resistance there would be for native executables to launch Tomcat and/or other tools. Of course, one could also launch Java directly so maybe this will make this idea more palatable. > > Costin > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- _____________________________________________________________________ Patrick Luby Email: [EMAIL PROTECTED] Sun Microsystems Phone: 408-276-7471 901 San Antonio Road, USCA14-303 Palo Alto, CA 94303-4900 _____________________________________________________________________ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
