Sunday, April 29, 2012

Using Java Runtime.exec to invoke UNIX commands

Nice tip. Java's Runtime.exec() method can be useful to invoke external tools from your code.

I once had the idea for, and created, a utility that had a Java servlet (with an HTML form as front-end) calling a UNIX (HP-UX) C setuid program that enabled developers in my team to stop and restart Informix database servers without knowing the DB server admin password. UNIX C setuid programs are quite useful for giving less privileged OS users restricted / controlled access to privileged operations, as in my example.

Writing C setuid programs involves many potential security issues, though. Mine was deployed in a corporate environment behind firewalls, so it had relatively fewer risks. If you're writing a setuid program for public Internet use, make sure to do a lot of research about the issues and how to mitigate them.

- Vasudev Ram
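
A sketch of the kind of restricted setuid wrapper described above, as an added example that is not the author's program: it accepts one allowlisted keyword, maps it to a fixed absolute path, and runs that path with `execve` under a fixed environment, so neither a shell nor the caller's `PATH` is involved. The program name `dbctl` and the `/opt/dbctl/bin/...` helper paths are hypothetical.

```c
/* Added example: restricted setuid wrapper. All paths are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Allowlist: keyword -> fixed absolute path of a helper that the
 * callers cannot modify (assumed names; the post does not give any). */
struct action { const char *name; const char *path; };
static const struct action ACTIONS[] = {
    { "stop",    "/opt/dbctl/bin/db-stop"    },
    { "restart", "/opt/dbctl/bin/db-restart" },
};

/* Return the helper path for an allowlisted keyword, or NULL.
 * The caller's string is only compared, never copied or executed. */
const char *lookup_action(const char *arg)
{
    if (arg == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof ACTIONS / sizeof ACTIONS[0]; i++)
        if (strcmp(arg, ACTIONS[i].name) == 0)
            return ACTIONS[i].path;
    return NULL;
}

int main(int argc, char **argv)
{
    /* Exactly one argument, and it must be an allowlisted keyword. */
    const char *path = (argc == 2) ? lookup_action(argv[1]) : NULL;
    if (path == NULL) {
        fprintf(stderr, "usage: dbctl stop|restart\n");
        return 2;
    }

    /* Fixed environment: nothing (PATH, LD_*, IFS) is inherited. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    char *const args[] = { (char *)path, NULL };

    umask(077);                 /* predictable file-creation mask */
    execve(path, args, envp);   /* no shell, no PATH search */
    perror("execve");           /* reached only if execve failed */
    return 1;
}
```

On the Java side, the matching habit is to pass the keyword through the `String[]` form of `Runtime.exec()` rather than a single concatenated command string, so form input is never re-split into extra arguments.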
