I'm saying that UnixLoginModule can identify the uid as some non-root
user, yet the process could be running as root. This happens because of the
distinction between real-uid, which UnixLoginModule looks at, and
effective-uid, which is what the OS itself looks at when determining
whether some process is allowed access to some controlled resource.
OK, I got back to reading this and I'm sorry but, clear as it is, it is
still not explained well enough for me to completely understand the
whys and wherefores - but that's OK. I would guess the original uid
is kept as a possible later audit trail as to what mischief was
actually done with the admin access? But that would still be a guess.
But again I wasn't really trying to better grasp the details of
Unix/POSIX security.
For my purposes, again just for the exercise, I wanted to see if I
could come up with the JAAS login module I had myself suggested to
Dmitry's first post. Partly because I had been unable previously to
get UnixLoginModule to work at all and I wanted to see if I could
have more success with my own. I did, although less than complete
success as discussed. No fault to AuthKit which is itself working
correctly within the already discussed intentional limitations of the
underlying native code.
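
The real-uid versus effective-uid distinction described in the first paragraph of this message, as an added example that is not part of the original post: a small C program that reads both IDs with `getuid()` and `geteuid()` and classifies any mismatch. `cred_state`, `classify_creds`, `cred_state_name` and the UID values in the comments are hypothetical names and constructed values chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical classification of a process's credential pair. */
typedef enum {
    CRED_CONSISTENT,     /* real == effective: the reported user is what the OS enforces */
    CRED_ELEVATED_ROOT,  /* real is non-root but effective is root (e.g. a setuid-root binary) */
    CRED_ELEVATED_OTHER, /* effective is a different, non-root user */
    CRED_TEMP_DROPPED    /* real is root, effective privileges currently lowered */
} cred_state;

/* ruid is what a real-uid-based identity lookup reports;
 * euid is what the kernel consults for access checks. */
cred_state classify_creds(uid_t ruid, uid_t euid)
{
    if (ruid == euid) return CRED_CONSISTENT;
    if (euid == 0)    return CRED_ELEVATED_ROOT;
    if (ruid == 0)    return CRED_TEMP_DROPPED;
    return CRED_ELEVATED_OTHER;
}

const char *cred_state_name(cred_state s)
{
    switch (s) {
    case CRED_CONSISTENT:     return "consistent";
    case CRED_ELEVATED_ROOT:  return "elevated-to-root";
    case CRED_ELEVATED_OTHER: return "elevated-to-other-user";
    case CRED_TEMP_DROPPED:   return "root-with-lowered-euid";
    }
    return "unknown";
}

int main(void)
{
    uid_t ruid = getuid();   /* real uid: who started the process */
    uid_t euid = geteuid();  /* effective uid: whose permissions apply */
    cred_state s = classify_creds(ruid, euid);

    printf("real uid:      %lu\n", (unsigned long)ruid);
    printf("effective uid: %lu\n", (unsigned long)euid);
    printf("state:         %s\n", cred_state_name(s));

    /* A non-zero exit tells a caller that the real uid alone
     * does not describe the privileges in effect. */
    return s == CRED_CONSISTENT ? 0 : 1;
}
```

Logging both values, rather than the real uid alone, keeps the audit record accurate when the two differ.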
Java-dev mailing list (email@hidden)