From owner-freebsd-java Tue Aug 27 0: 1:15 2002 Delivered-To: freebsd-java@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 45D2737B400 for ; Tue, 27 Aug 2002 00:01:13 -0700 (PDT) Received: from zaphod.euronet.nl (zaphod.euronet.nl [194.134.168.213]) by mx1.FreeBSD.org (Postfix) with ESMTP id 793E143E3B for ; Tue, 27 Aug 2002 00:01:12 -0700 (PDT) (envelope-from ernst@zaphod.euronet.nl) Received: from zaphod.euronet.nl (localhost [127.0.0.1]) by zaphod.euronet.nl (8.12.5/8.12.5) with ESMTP id g7R71EYU040039; Tue, 27 Aug 2002 09:01:14 +0200 (CEST) (envelope-from ernst@zaphod.euronet.nl) Received: (from ernst@localhost) by zaphod.euronet.nl (8.12.5/8.12.5/Submit) id g7R71Efv040038; Tue, 27 Aug 2002 09:01:14 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" From: Ernst de Haan To: dan_256@yahoo.com, K.J.Koster@kpn.com, freebsd-java@FreeBSD.ORG Subject: Re: Jboss3ctl update (I think I know the problem) Date: Tue, 27 Aug 2002 09:01:14 +0200 User-Agent: KMail/1.4.3 References: <20020826231204.23827.qmail@web13406.mail.yahoo.com> In-Reply-To: <20020826231204.23827.qmail@web13406.mail.yahoo.com> X-Address: Muiderstraat 1, Amsterdam, Netherlands MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200208270901.14099.znerd@FreeBSD.org> Sender: owner-freebsd-java@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > He's right, you can't SUID a script. But this is precisely the problem > because the .java_wrapper script itself can never set the environment > variables. So, even if you could SUID the script, it would still have > the same problem that the "real user" is not the "effective user." The > only real solution is to make java not require the .java_wrapper script, > because only then can you run the binary as another (non-root) user. As > long as the .java_wrapper script sets up an environment for java each > time it is run, no SUID program will work, because that ENV will be > ignored. SUID does not work in either case. It does SUID with the C > program, but that doesn't help because the ENV will die in that case. > Either way is broken. Static Java anyone? -Dan Ah! Now that's IMO a clear explanation! Now just provide the static Java binary and off we go! ;-) Ernst -- Ernst de Haan EuroNet Internet B.V. "Come to me all who are weary and burdened and I will give you rest" -- Jesus Christ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-java" in the body of the message