|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
OL&L Lists <email@hidden> wrote: >So in other words, the solution is to setuid *before* the process is >launched - and that there is no way to elevate it to root once it is >running if it wasn't launched as root. Yes. That's how Unix/Posix security is fundamentally designed. >It's probably not a good idea to launch any Java app as root - >period. That seems superstitious to me. I don't see how Java is better or worse than any other kind of executable run as root. Every form has different exposures, so you have to thoroughly understand what you're doing. Omnipotence requires knowledge and responsibility. The crucial element, as always, is to ensure the correctness and trustworthiness of the execution. This includes ancillary elements, especially any ancillaries that might affect execution in any way (e.g. implicit classpath elements; GIFs or JPEGs that might cause a native fault or an unexpected exception, etc.). In general, writing a Java program that runs safely as root is pretty much the same as writing any other program that runs safely as root. All the same precautions and advice apply, though the specific details may differ. > I guess I will have to pursue the port-redirection or file >descriptors approach then. Pursuing file descriptors, you may find the Java class FileDescriptor useful. I don't know exactly what the presumed representation inside FileDescriptor is, but it might be worth looking at. -- GG _______________________________________________ Do not post admin requests to the list. They will be ignored. Java-dev mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
Visit the Apple Store online or at retail locations.
Copyright © 2011 Apple Inc. All rights reserved.