Date: Tue, 27 Aug 2002 11:48:15 +0300
From: Ari Suutari <ari.suutari@syncrontech.com>
To: Ernst de Haan <znerd@FreeBSD.ORG>, dan_256@yahoo.com, K.J.Koster@kpn.com, freebsd-java@FreeBSD.ORG
Subject: Re: Jboss3ctl update (I think I know the problem)
Message-ID: <200208271148.15135.ari.suutari@syncrontech.com>
In-Reply-To: <200208270901.14099.znerd@FreeBSD.org>
References: <20020826231204.23827.qmail@web13406.mail.yahoo.com> <200208270901.14099.znerd@FreeBSD.org>

On Tuesday 27 August 2002 10:01, Ernst de Haan wrote:
> > He's right, you can't SUID a script. But this is precisely the problem
> > because the .java_wrapper script itself can never set the environment
> > variables. So, even if you could SUID the script, it would still have
> > the same problem that the "real user" is not the "effective user." The
> > only real solution is to make java not require the .java_wrapper script,
> > because only then can you run the binary as another (non-root) user. As
> > long as the .java_wrapper script sets up an environment for java each
> > time it is run, no SUID program will work, because that ENV will be
> > ignored. SUID does not work in either case. It does SUID with the C
> > program, but that doesn't help because the ENV will die in that case.
> > Either way is broken. Static Java anyone? -Dan
>
> Ah! Now that's IMO a clear explanation! Now just provide the static Java
> binary and off we go! ;-)

How about just saying at the beginning of daemonctl.c

	setuid(geteuid());

I tested this with a small program and after this at least
'java -version' works even when the program is setuid.

	Ari S.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message
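
Added example, not part of the original message and not code from daemonctl.c: a start-up helper in the spirit of the setuid(geteuid()) suggestion above, which makes the real IDs equal to the effective ones and then checks that the change actually took effect before anything is exec'd. The name collapse_to_effective_ids is hypothetical; setreuid()/setregid() are used instead of setuid() because on Linux an unprivileged setuid() call changes only the effective uid, and the group handling goes beyond what the message discusses.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Make the real and effective IDs identical, using the effective ones
 * (the owner of the setuid file). Returns 0 on success, -1 on failure.
 * Hypothetical helper for illustration; the name is not from daemonctl.c.
 */
int collapse_to_effective_ids(void)
{
    uid_t old_ruid = getuid(), euid = geteuid();
    gid_t old_rgid = getgid(), egid = getegid();

    /* Group first: once the uid has changed we may no longer be allowed to. */
    if (setregid(egid, egid) != 0)
        return -1;
    if (setreuid(euid, euid) != 0)
        return -1;

    /* Do not rely on the return values alone: re-read the IDs. */
    if (getuid() != euid || geteuid() != euid ||
        getgid() != egid || getegid() != egid)
        return -1;

    /* For a non-root target, the invoking user's IDs must now be out of reach. */
    if (euid != 0 && old_ruid != euid && setuid(old_ruid) == 0)
        return -1;
    if (euid != 0 && old_rgid != egid && setgid(old_rgid) == 0)
        return -1;

    return 0;
}

int main(void)
{
    if (collapse_to_effective_ids() != 0) {
        fprintf(stderr, "could not fix up user/group IDs, refusing to continue\n");
        return 1;
    }
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    /* A real wrapper would exec the java start-up script at this point. */
    return 0;
}
```

Run from an ordinary (non-setuid) binary the helper is a no-op that still passes its checks; installed setuid to a non-root account it leaves the process with that account as both real and effective user.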
