From owner-freebsd-java  Tue Aug 27  0: 1:15 2002
Delivered-To: freebsd-java@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 45D2737B400
	for <freebsd-java@FreeBSD.ORG>; Tue, 27 Aug 2002 00:01:13 -0700 (PDT)
Received: from zaphod.euronet.nl (zaphod.euronet.nl [194.134.168.213])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 793E143E3B
	for <freebsd-java@FreeBSD.ORG>; Tue, 27 Aug 2002 00:01:12 -0700 (PDT)
	(envelope-from ernst@zaphod.euronet.nl)
Received: from zaphod.euronet.nl (localhost [127.0.0.1])
	by zaphod.euronet.nl (8.12.5/8.12.5) with ESMTP id g7R71EYU040039;
	Tue, 27 Aug 2002 09:01:14 +0200 (CEST)
	(envelope-from ernst@zaphod.euronet.nl)
Received: (from ernst@localhost)
	by zaphod.euronet.nl (8.12.5/8.12.5/Submit) id g7R71Efv040038;
	Tue, 27 Aug 2002 09:01:14 +0200 (CEST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ernst de Haan <znerd@FreeBSD.ORG>
To: dan_256@yahoo.com, K.J.Koster@kpn.com, freebsd-java@FreeBSD.ORG
Subject: Re: Jboss3ctl update (I think I know the problem)
Date: Tue, 27 Aug 2002 09:01:14 +0200
User-Agent: KMail/1.4.3
References: <20020826231204.23827.qmail@web13406.mail.yahoo.com>
In-Reply-To: <20020826231204.23827.qmail@web13406.mail.yahoo.com>
X-Address: Muiderstraat 1, Amsterdam, Netherlands
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200208270901.14099.znerd@FreeBSD.org>
Sender: owner-freebsd-java@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-java.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-java>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-java>
X-Loop: FreeBSD.org

> He's right, you can't SUID a script.  But this is precisely the problem
> because the .java_wrapper script itself can never set the environment
> variables.  So, even if you could SUID the script, it would still have
> the same problem that the "real user" is not the "effective user."  The
> only real solution is to make java not require the .java_wrapper script,
> because only then can you run the binary as another (non-root) user. As
> long as the .java_wrapper script sets up an environment for java each
> time it is run, no SUID program will work, because that ENV will be
> ignored.  SUID does not work in either case.  It does SUID with the C
> program, but that doesn't help because the ENV will die in that case. 
> Either way is broken.  Static Java anyone? -Dan

Ah! Now that's IMO a clear explanation! Now just provide the static Java 
binary and off we go! ;-)

Ernst

-- 
Ernst de Haan
EuroNet Internet B.V.

    "Come to me all who are weary and burdened
        and I will give you rest" -- Jesus Christ

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message