Date: Tue, 27 Aug 2002 11:48:15 +0300
From: Ari Suutari <ari.suutari@syncrontech.com>
To: Ernst de Haan <znerd@FreeBSD.ORG>, dan_256@yahoo.com, K.J.Koster@kpn.com, freebsd-java@FreeBSD.ORG
Subject: Re: Jboss3ctl update (I think I know the problem)
Message-ID: <200208271148.15135.ari.suutari@syncrontech.com>
In-Reply-To: <200208270901.14099.znerd@FreeBSD.org>
References: <20020826231204.23827.qmail@web13406.mail.yahoo.com> <200208270901.14099.znerd@FreeBSD.org>

On Tuesday 27 August 2002 10:01, Ernst de Haan wrote:
> > He's right, you can't SUID a script. But this is precisely the problem
> > because the .java_wrapper script itself can never set the environment
> > variables. So, even if you could SUID the script, it would still have
> > the same problem that the "real user" is not the "effective user." The
> > only real solution is to make java not require the .java_wrapper script,
> > because only then can you run the binary as another (non-root) user. As
> > long as the .java_wrapper script sets up an environment for java each
> > time it is run, no SUID program will work, because that ENV will be
> > ignored. SUID does not work in either case. It does SUID with the C
> > program, but that doesn't help because the ENV will die in that case.
> > Either way is broken. Static Java anyone? -Dan
>
> Ah! Now that's IMO a clear explanation! Now just provide the static Java
> binary and off we go! ;-)

    How about just saying at the beginning of daemonctl.c

    setuid(geteuid());

    I tested this with a small program and after this
    at least 'java -version' works even when the program
    is setuid.

            Ari S.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message
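
The setuid(geteuid()) suggestion above, expanded as an added example; it is not code from daemonctl.c or from anyone in the thread. It commits the group ID as well, checks every call, and builds a fixed environment for the child, because once real and effective IDs match the child no longer looks set-id and trusts whatever environment it is handed. The names commit_effective_ids and build_child_env, the PATH value and the allowlist are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Make real == effective for gid, then uid. Returns 0 on success, -1 on failure.
 * Supplementary groups are left as inherited from the invoking user. */
int commit_effective_ids(void)
{
    gid_t gid = getegid();
    uid_t uid = geteuid();

    /* Group first, the conventional order: once the uid is committed the
     * process may no longer be allowed to change group IDs. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getgid() != gid || getegid() != gid || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

/* Assumed allowlist of caller variables the child may inherit. */
static const char *const allowed[] = { "TERM=", "LANG=", "TZ=" };

/* Write a fixed PATH plus allowlisted entries of in[] to out[] (cap slots,
 * including the NULL terminator). Returns the number of entries written. */
size_t build_child_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) { if (cap == 1) out[0] = NULL; return 0; }
    out[n++] = "PATH=/bin:/usr/bin:/usr/local/bin";   /* assumed value */
    for (size_t i = 0; in && in[i] && n + 1 < cap; i++)
        for (size_t j = 0; j < sizeof allowed / sizeof allowed[0]; j++)
            if (strncmp(in[i], allowed[j], strlen(allowed[j])) == 0) {
                out[n++] = in[i];
                break;
            }
    out[n] = NULL;
    return n;
}

int main(void)
{
    extern char **environ;
    const char *env[16];
    if (commit_effective_ids() != 0) { fprintf(stderr, "cannot commit ids\n"); return 1; }
    size_t n = build_child_env(environ, env, 16);
    printf("uid=%d euid=%d, %zu variables kept\n", (int)getuid(), (int)geteuid(), n);
    return 0;   /* a real wrapper would execve() its target with env here */
}
```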