On Mar 19, 2006, at 7:45 PM, Greg Guerin wrote:
I'm saying that UnixLoginModule can identify the uid as some non-
root user,
yet the process could be running as root. This happens because of
the
distinction between real-uid, which UnixLoginModule looks at, and
effective-uid, which is what the OS itself looks at when determining
whether some process is allowed access to some controlled resource.
OK, I got back to reading this and I'm sorry but clear as it is it
is still not explained well enough for me to completely understand
the whys and where for's - but thats OK. I would guess the original
uid is kept as a possible later audit trail as to what mischief was
actually done with the admin access? But that would still be a guess.
But again I wasn't really trying to better grasp the details of
Unix/Posix security.
For my purposes, again just for the exercise, I wanted to see if I
could come up with the JAAS login module I had myself suggested to
Dmitry's first post. Partly because I had been unable previously to
get UnixLoginModule to work at all and I wanted to see if I could
have more success with my own. I did, although less than complete
success as discussed. No fault to AuthKit which is itself working
correctly within the already discussed intentional limitations of
the underlying native code.
Mike Hall mikehall at spacestar dot net
http://www.spacestar.net/users/mikehall
http://sourceforge.net/projects/macnative
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden
This email sent to email@hidden
