This is the mail archive of the java@gcc.gnu.org mailing list for the Java project.



Re: gcj crashes if a user-thread gives up its rights


Jost Boekemeier wrote:

> The java server runs with high permissions, but I want
> to restrict the permissions of the request-handling
> threads to the permissions that the user has. The
> user should not be able to kill other threads or
> remove files from the file system.


In Java, this is usually done at the Java level using a Security Manager.

> I have to correct myself. Posix seems to specify that
> a setuid() applies to the whole process.


> Since java does not support processes, how can one
> implement a server where certain parts run with
> reduced permissions?


1) If you need superuser only to listen on port 80, you can open the socket
before starting the VM using a helper process (like inetd) or native code,
and grab it in the Java VM with:
http://java.sun.com/j2se/1.5.0/docs/api/java/nio/channels/spi/SelectorProvider.html#inheritedChannel()
or custom native code.

2) You can spawn sub-VMs using Process.exec with reduced privilege
("su -c user java ..."). You might have to do that in native code if you want
to later pass sockets between instances with native pipes or such (for efficiency).


Cedric
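Option 1 above, as an added example that is not part of the thread: a server class assumed to be started by inetd (or a native helper) as an unprivileged user after the privileged port was bound, picking the socket up from fd 0 via System.inheritedChannel() (the public Java 5 entry point for the SelectorProvider method Cedric links). It handles both the "wait" case (listening socket inherited) and the "nowait" case (an accepted connection inherited); the class name, the root check via user.name and the reply text are illustrative.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.Channel;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;

// Added example, not from the thread. Assumes a launcher (inetd or native code)
// bound the privileged port as root and starts this class as an unprivileged
// user with the socket on fd 0 ("wait" passes the listener, "nowait" a connection).
public class InheritedListener {
    public static void main(String[] args) throws IOException {
        // Coarse defensive check: the VM itself must no longer run as the superuser.
        if ("root".equals(System.getProperty("user.name"))) {
            System.err.println("refusing to run as root; start via inetd as an unprivileged user");
            System.exit(1);
        }
        Channel inherited = System.inheritedChannel();
        if (inherited instanceof ServerSocketChannel) {
            // inetd "wait" mode: we hold the listening socket and accept ourselves.
            ServerSocketChannel server = (ServerSocketChannel) inherited;
            while (true) {
                SocketChannel client = server.accept();
                try {
                    handle(client);
                } finally {
                    client.close();
                }
            }
        } else if (inherited instanceof SocketChannel) {
            // inetd "nowait" mode: one already-accepted connection per VM.
            SocketChannel client = (SocketChannel) inherited;
            try {
                handle(client);
            } finally {
                client.close();
            }
        } else {
            System.err.println("no inherited socket on fd 0; not started by inetd/launcher");
            System.exit(2);
        }
    }
    // Minimal handler: read the request bytes, answer with one line.
    static void handle(SocketChannel client) throws IOException {
        ByteBuffer buf = ByteBuffer.allocate(1024);
        int n = client.read(buf);
        String reply = "hello from unprivileged VM, read " + n + " bytes\n";
        client.write(ByteBuffer.wrap(reply.getBytes("UTF-8")));
    }
}
```

Run outside inetd it exits with status 2, which makes a misconfigured launcher (socket not passed, or VM started as root) fail loudly instead of silently serving with full privileges.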



