java.lang.Object
   |
   +----app.authkit.tools.tasks.CommonTask
           |
           +----app.authkit.tools.tasks.RunEat

Summary

public class RunEat extends app.authkit.tools.tasks.CommonTask {
    // Constructors 1
    public RunEat();

    // Methods 1
    public int perform(String[], Authorization);
}
RunEat runs arbitrary commands, whose output is ultimately consumed.
Constructors
· RunEat
public RunEat()
Create a do-anything Task.
Methods
· perform
public int perform(String[] args, Authorization auth)
Treat the args as a command to execute, with its args. The Process's stdout is sent to System.out. Its exit status is my return status.
Although we send the Process's stdout to my System.out, we don't declare this as an output-producing Task with producesOutput(). As a result, the output is ultimately sent to a bit-bucket stream set up by Envoy. The reason for doing it this way is so RunOut can be implemented simply by returning true from producesOutput(), while still using this same perform(). The two classes are thus interdependent, but that's fine for these two fellows.
This method enforces the underlying Authorization policy rules by calling authorize(). The Privilege is a root-execute Privilege created by makeExecPrivilege(), with the command-name taken from args[0]. This is exactly the Privilege to use here.
The authorize() call is not permitted to interact with the user, because this code should not be running interactively. Either we already have the Privilege granted, or it's implied by the effective-uid of root, but we do not allow user authentication now. If it fails, it fails, and the Envoy will terminate appropriately.
This use of authorize() is the typical approach to guarding a restricted section of code. Do not omit it just because you think it's safe to assume it's running as root. Good security means not making assumptions.
- Implements:
- perform in interface Task
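The guard described for perform(), as an added sketch that is not the app.authkit package's own code: Authorization, Privilege and makeExecPrivilege() here are hypothetical stand-ins with assumed signatures, and throwing SecurityException on denial is also an assumption. It needs Java 9 or later and a POSIX system with echo on the PATH.

```java
import java.io.IOException;
import java.io.InputStream;

// Added illustration. The nested types are hypothetical stand-ins,
// not the real app.authkit classes; their signatures are assumed.
public class GuardedExecSketch {
    /** Stand-in for a root-execute Privilege naming one command. */
    static final class Privilege {
        final String command;
        Privilege(String command) { this.command = command; }
    }

    /** Stand-in for Authorization: decides from grants it already holds. */
    interface Authorization {
        boolean authorize(Privilege p, boolean allowInteraction);
    }

    static Privilege makeExecPrivilege(String command) {
        return new Privilege(command);
    }

    /** Guard first, then run args as a command; returns the child's exit status. */
    static int perform(String[] args, Authorization auth)
            throws IOException, InterruptedException {
        if (args == null || args.length == 0) {
            throw new IllegalArgumentException("no command given");
        }
        // Check policy even when the process is believed to run as root.
        // Interaction is disabled: a missing grant must fail, never prompt.
        if (auth == null || !auth.authorize(makeExecPrivilege(args[0]), false)) {
            throw new SecurityException("not authorized to execute: " + args[0]);
        }
        Process p = new ProcessBuilder(args)
                .redirectError(ProcessBuilder.Redirect.INHERIT)
                .start();
        try (InputStream out = p.getInputStream()) {
            out.transferTo(System.out); // child's stdout goes to our System.out
        }
        return p.waitFor();
    }

    public static void main(String[] argv) throws Exception {
        // Constructed policy: only "echo" was granted ahead of time.
        Authorization auth = (priv, interactive) ->
                !interactive && priv.command.equals("echo");
        System.out.println("exit=" + perform(new String[] {"echo", "hello"}, auth));
        try {
            perform(new String[] {"id"}, auth); // no grant, so the guard refuses
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```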
Freshly brewed Java API Documentation automatically generated with polardoc Version 1.0.7