From: Ari Suutari
Organization: Syncron Tech Oy
To: Ernst de Haan, dan_256@yahoo.com, K.J.Koster@kpn.com, freebsd-java@FreeBSD.ORG
Subject: Re: Jboss3ctl update (I think I know the problem)
Date: Tue, 27 Aug 2002 11:48:15 +0300

On Tuesday 27 August 2002 10:01, Ernst de Haan wrote:
> > He's right, you can't SUID a script. But this is precisely the problem
> > because the .java_wrapper script itself can never set the environment
> > variables. So, even if you could SUID the script, it would still have
> > the same problem that the "real user" is not the "effective user." The
> > only real solution is to make java not require the .java_wrapper script,
> > because only then can you run the binary as another (non-root) user. As
> > long as the .java_wrapper script sets up an environment for java each
> > time it is run, no SUID program will work, because that ENV will be
> > ignored. SUID does not work in either case. It does SUID with the C
> > program, but that doesn't help because the ENV will die in that case.
> > Either way is broken. Static Java anyone? -Dan
>
> Ah! Now that's IMO a clear explanation! Now just provide the static Java
> binary and off we go! ;-)

        How about just saying at the beginning of daemonctl.c

        setuid(geteuid());

        I tested this with a small program and after this
        at least 'java -version' works even when the program
        is setuid.

                        Ari S.
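
The setuid(geteuid()) call suggested in this message, as an added example that is not part of the original post and not the port's daemonctl.c: the helper makes the real IDs equal to the effective ones, checks every return value and re-reads the IDs before the target is executed. The path in TARGET, the fixed argument list and the environment are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define TARGET "/usr/local/bin/java" /* assumed path, not from the post */

/* Returns 1 when the real and effective user and group IDs agree. */
int ids_match(void)
{
    return getuid() == geteuid() && getgid() == getegid();
}

/* Make the real IDs equal to the effective ones; 0 on success, -1 on failure. */
int become_effective_user(void)
{
    /* Group first: after the UID change the process may no longer be
     * allowed to change its GID. */
    if (setgid(getegid()) != 0)
        return -1;
    if (setuid(geteuid()) != 0)
        return -1;
    /* Re-read instead of trusting the return value: on systems where an
     * unprivileged setuid() changes only the effective UID, the call
     * succeeds and the real UID is still the caller's. */
    return ids_match() ? 0 : -1;
}

int main(void)
{
    /* Fixed arguments and environment (both assumed), so nothing supplied
     * by the calling user reaches the target. */
    char *const args[] = { "java", "-version", NULL };
    char *const env[] = { "PATH=/bin:/usr/bin:/usr/local/bin", NULL };

    if (become_effective_user() != 0) {
        fprintf(stderr, "real IDs do not match effective IDs, not starting\n");
        return EXIT_FAILURE;
    }
    execve(TARGET, args, env);
    perror("execve"); /* reached only when execve() fails */
    return EXIT_FAILURE;
}
```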