From: Dave Leach (david@healthinsite.gov.au)
Date: Tue May 28 2002 - 21:46:17 EDT
hi all...
I've been having some problems with java (jdk1.3)+chroot+nosuid segv'ing on
Solaris 8 (sparc). A review of the truss output uncovered that the problem
was due to java trying to open /dev/zero (which exists):
9189: open("/dev/zero", O_RDWR) Err#6 ENXIO
In fact, java segv's if it fails to open the device regardless of the Error
returned eg:
10453: open("/dev/zero", O_RDWR) Err#2 ENOENT
Looking back through the sunmanagers and focus-sun mail archives I noticed
that someone had the same problem with named-xfer.
http://www.sunmanagers.org/pipermail/sunmanagers/2001-June/003951.html
It appears as though the problem for me (and the named-xfer problem) is
highlighted in mount(2):
    MS_NOSUID
        This option prevents programs that are marked set-user-ID
        or set-group-ID from executing (see chmod(1)). It also
        causes open(2) to return ENXIO when attempting to open
        block or character special files.
mount_ufs and friends (1M) do not mention this however.
I really don't want to mount my chroot jail filesystem suid, but it seems
that I'm going to have to if I want to be able to run java in it.
I can make it work, by loopback mounting /dev/zero into the chroot jail, but
see this as ugly? Does anyone see any reason why this is particularly bad,
and does anyone know of a better workaround for this?
Thanks - will summarise.
dave.
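
Added example, not part of the original post: a small C probe that reports why open(2) on a device node such as /dev/zero fails, separating the ENXIO and ENOENT cases shown in the truss output and returning an error instead of crashing. The function names and the use of ENODEV for a path that is not a device node are choices made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Map the errno from a failed device open to its likely cause in a jail. */
const char *explain_open_errno(int err)
{
    switch (err) {
    case 0:      return "opened successfully";
    case ENXIO:  return "node exists but device opens are refused "
                        "(mount(2) documents this for MS_NOSUID)";
    case ENOENT: return "node is missing from the jail";
    case EACCES: return "permissions on the node deny O_RDWR";
    case ENODEV: return "path is not a block or character special file";
    default:     return "other failure, see strerror()";
    }
}

/* Returns 0 on success, otherwise the errno from stat() or open(). */
int probe_device(const char *path)
{
    struct stat st;
    int fd;

    if (stat(path, &st) != 0)
        return errno;
    if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode))
        return ENODEV;           /* example's own convention, see lead-in */
    fd = open(path, O_RDWR);     /* same flags as in the truss output */
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/zero";
    int err = probe_device(path);

    printf("%s: %s (%s)\n", path, err ? strerror(err) : "ok",
           explain_open_errno(err));
    return err ? 1 : 0;
}
```

Run it inside the jail, for example via chroot(1M), to see which case applies to that filesystem.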