有没有可用的方法让我通过JNA调用需要root权限的动态库?

huangapple go评论77阅读模式
英文:

Is there any available method for me to call a dynamic library that requires root permission through JNA?

问题

根据标题所述,动态库中的函数需要 root 权限来执行某些系统调用。如果我使用 JNA,我不知道如何满足这个要求。或者这个要求是否合适?也许我没有提供更详细的代码,但我确定这对我来说是一个有价值的问题...

英文:

As described in the title, the functions in the dynamic library need root permission to perform some system calls. If I use JNA, I don't know how to achieve this requirement.
Or is it a bad requirement?
Maybe I didn't provide more detailed code, but I'm sure it's a valuable question for me...

答案1

得分: 0

有没有可用的方法让我通过JNA调用一个需要root权限的动态库?

没有这种方法。在UNIX / Linux中,应用程序权限可以提升的唯一时机是使用exec来执行新进程,并且可执行文件的文件权限已设置为“set uid”。

这对Java来说带来了特殊的问题。将java可执行文件设为“set uid root”程序是完全不安全的。标准的java可执行文件被设计为可以通过命令参数运行任何Java类。您不能将其限制为仅运行某些已知可以安全作为root运行的类。

简而言之,如果您的Java应用程序需要root访问权限来执行某些操作(无论是在Java代码中还是在本机代码库中),则它需要由“root”用户启动。

还是这个要求不太好?

这是一个无法实现的要求。

英文:

> Is there any available method for me to call a dynamic library that requires root permission through JNA?

No there isn't. In UNIX / Linux, the only point when application permissions can be elevated is when using exec to execute a new process AND the executable has the "set uid" bit set in its file permissions.

This presents particular problems for Java. It is totally unsafe to make the java executable a "set uid root" program. The standard java executable is designed run any Java class supplied via the command arguments. You can't restrict it to only running certain classes that are known to be safe to run as root.

In short, if your Java application needs root access to do something (in Java code or in a native code library), then it needs to have been started by the root user.

> Or is it a bad requirement?

It is an unimplementable requirement.

答案2

得分: 0

关于JNA的内容不会赋予您的Java应用程序额外的权限。如果您需要提升权限来执行库函数,通常需要将这些权限授予您的Java程序,方法是将其以特权用户的身份运行。

英文:

Nothing about JNA will give your Java applications permissions it doesn't already have. If you need elevated permissions to execute a library function, you'll need to give those permissions to your Java program, usually by running it as a privileged user.

huangapple
  • 本文由 发表于 2020年9月13日 15:59:41
  • 转载请务必保留本文链接:https://go.coder-hub.com/63868491.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定