Re: [APPL:DarwinDev] How Do I Run a Java App with Superuser Privileges?
Re: [APPL:DarwinDev] How Do I Run a Java App with Superuser Privileges?
- Subject: Re: [APPL:DarwinDev] How Do I Run a Java App with Superuser Privileges?
- From: "Jay A. Kreibich" <email@hidden>
- Date: Tue, 14 Dec 2004 10:44:21 -0600
On Mon, Dec 13, 2004 at 08:55:37PM -0800, William C. McCain scratched on the wall:
> It works fine in a shell when I prefix my application with "sudo". But
> I can't ask users to do that! I have also been able to get it to work
> from an AppleScript (something like 'do shell script "sudo open
> MyApp"'). That will be what I will have to ship, unless there is a
> better, more "transparent" solution.
>
> Any ideas?
One of the things I've done to access privileged ports in complex
perl applications (e.g. stuff that would never run "tainted") is
to write a small external C/C++ wrapper. The C program can be setuid
or run via sudo and can route communications to some other
non-privileged networking port, UNIX socket, or stdin/out.
In my case, it was for outgoing connections (a legacy application
that depended on some aspects of the auth/auth system wanting
privileged ports-- don't get me started...). Incoming are a bit
trickier since you can have more than one, but something that just
bounces to the privileged port to another port (including multiple
connections) that your non-root application can listen on should
only be a ~100 line C program.
-j
--
Jay A. Kreibich | Comm. Technologies, R&D
email@hidden | Campus IT & Edu. Svcs.
<http://www.uiuc.edu/~jak> | University of Illinois at U/C
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden