From owner-freebsd-java Tue Aug 27 17:11:47 2002 Delivered-To: freebsd-java@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A32837B407; Tue, 27 Aug 2002 17:11:44 -0700 (PDT) Received: from mgr2.xmission.com (mgr2.xmission.com [198.60.22.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 437EE43E84; Tue, 27 Aug 2002 17:11:36 -0700 (PDT) (envelope-from glewis@eyesbeyond.com) Received: from mail by mgr2.xmission.com with spam-scanned (Exim 3.35 #1) id 17jqQp-00071K-00; Tue, 27 Aug 2002 18:11:35 -0600 Received: from [207.135.128.145] (helo=misty.eyesbeyond.com) by mgr2.xmission.com with esmtp (Exim 3.35 #1) id 17jqQo-000711-00; Tue, 27 Aug 2002 18:11:34 -0600 Received: (from glewis@localhost) by misty.eyesbeyond.com (8.11.6/8.11.6) id g7S0BS658032; Wed, 28 Aug 2002 09:41:28 +0930 (CST) (envelope-from glewis@eyesbeyond.com) X-Authentication-Warning: misty.eyesbeyond.com: glewis set sender to glewis@eyesbeyond.com using -f Date: Wed, 28 Aug 2002 09:41:28 +0930 From: Greg Lewis To: Ernst de Haan Cc: dan_256@yahoo.com, K.J.Koster@kpn.com, freebsd-java@FreeBSD.ORG Subject: Re: Jboss3ctl update (I think I know the problem) Message-ID: <20020828094127.A58001@misty.eyesbeyond.com> References: <20020826231204.23827.qmail@web13406.mail.yahoo.com> <200208270901.14099.znerd@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200208270901.14099.znerd@FreeBSD.org>; from znerd@FreeBSD.ORG on Tue, Aug 27, 2002 at 09:01:14AM +0200 X-Spam-Status: No, hits=-3.0 required=8.0 tests=IN_REP_TO,X_AUTH_WARNING,DOUBLE_CAPSWORD version=2.31 X-Spam-Level: Sender: owner-freebsd-java@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Aug 27, 2002 at 09:01:14AM +0200, Ernst de Haan wrote: > > He's right, you can't SUID a script. But this is precisely the problem > > because the .java_wrapper script itself can never set the environment > > variables. So, even if you could SUID the script, it would still have > > the same problem that the "real user" is not the "effective user." The > > only real solution is to make java not require the .java_wrapper script, > > because only then can you run the binary as another (non-root) user. As > > long as the .java_wrapper script sets up an environment for java each > > time it is run, no SUID program will work, because that ENV will be > > ignored. SUID does not work in either case. It does SUID with the C > > program, but that doesn't help because the ENV will die in that case. > > Either way is broken. Static Java anyone? -Dan > > Ah! Now that's IMO a clear explanation! Now just provide the static Java > binary and off we go! ;-) Since it has only one threading subsystem, 1.4 uses a natively executable java rather than a shell script wrapper. Its not static in the usual sense of the word, but I think Dan was using that term in respect to a native executable rather than an interpreted script. -- Greg Lewis Email : glewis@eyesbeyond.com Eyes Beyond Web : http://www.eyesbeyond.com Information Technology FreeBSD : glewis@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-java" in the body of the message