gcj crashes if a user-thread gives up its rights

Cedric Berger cedric@berger.to
Mon Dec 13 06:32:00 GMT 2004


Jost Boekemeier wrote:

>The java server runs with high permissions, but I want
>to restrict the permissions of the request-handling
>threads to the permissions that the user has.  The
>user should not be able to kill other threads or
>remove files from the file system.
>  
>
In Java, this is usually done at the Java level using a Security Manager.

>I have to correct myself.  Posix seems to specify that
>a setuid() applies to the whole process.  
>
>Since java does not support processes, how can one
>implement a server where certain parts run with
>reduced permissions?
>  
>
1) If you need superuser only to listen to port 80, you can open the socket
before starting the VM using a helper process (like inetd) or native code,
and grab it in the Java VM with:
http://java.sun.com/j2se/1.5.0/docs/api/java/nio/channels/spi/SelectorProvider.html#inheritedChannel()
or custom native code.

2) You can spawn sub-VMs using Process.exec with reduced privileges
("su -c user java ..."). You might have to do that in native code if you want
to later pass sockets between instances with native pipes or such (for
efficiency).

Cedric





More information about the Java mailing list