Michael Hall wrote:
>Fine, except I'm not sure what security advantage there is to being
>able to create and communicate with a privileged process rather than
>become one yourself.
It isn't necessarily an advantage. It's simply a consequence, or at least
an artifact, of how Unix/Posix setuid works.
> However, I'm not that
>knowledgeable on the Unix/Posix security model and this thread is
>probably not the place to correct that.
Agreed.
>I'm not quite sure I'm following the distinction here again. Which
>might be important to Dmitry's original post. Are you saying that
>despite providing proof by dialog that you are or know a admin user/
>password that you may not be able to do what you want?
That's not what I'm saying, and I don't think it matters at all to Dmitry's
original post.
>Or what are you saying here?
I'm saying that UnixLoginModule can identify the uid as some non-root user,
yet the process could be running as root. This happens because of the
distinction between real-uid, which UnixLoginModule looks at, and
effective-uid, which is what the OS itself looks at when determining
whether some process is allowed access to some controlled resource.
I'm not saying this has anything to do with Dmitry's original question.
It has more to do with your attempt to write a JAAS login-module using my
AuthKit, and your subsequent questions on how one could obtain root
privileges as a JAAS permission grant. AFAICT, JAAS itself can't actually
grant root privileges, because it doesn't spawn a new process running as
root. So even if you made a LoginModule using AuthKit, and even if you
subsequently authenticated as an admin user to that LoginModule, you'd
still have to use the AuthKit's execPrivileged() method, because that's the
only way you can actually exercise the privilege you've demonstrated you
have permission to use. In particular, Runtime.exec() doesn't know
anything about JAAS or execPrivileged(), and there is no pathway other than
through execPrivileged() that yields root privileges. However, I may be
missing something, so I could be wrong.
>Basically since what Dmitry was originally looking for was a JAAS
>login module that allowed what he wanted I thought coming up with one
>as a front-end API to yours might be a good fit.
I interpreted Dmitry's original question along the lines of, "I tried
UnixLoginModule and it was unable to grant or obtain root privileges, in
order to install files in a restricted directory. Is there a pure Java way
to obtain root privileges?" JAAS was incidental to solving that problem.
In other words, JAAS and or a LoginModule was an incidental side-effect of
the attempted use of UnixLoginModule, which did not solve the problem of
obtaining root privileges. JAAS was in no way necessary for a solution,
though if it offered one it would be acceptable. Since JAAS doesn't offer
a solution, AFAICT, it becomes irrelevant to solving the actual problem at
hand: obtaining root privileges to install files.
The real requirement was simply a pure Java way to obtain root privileges,
which is why I originally replied the way I did. Your pursuit of a JAAS
LoginModule then engendered my other reply, but that was due to questions
you raised, not ones that Dmitry raised.
-- GG
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden
This email sent to email@hidden
