Menu

#2 Insecure library execution

1.0
wont-fix
nobody
None
2016-10-01
2016-09-29
L29Ah
No

grsec prevents offroadosm from running an executable from /tmp:
grsec: denied untrusted exec (due to file in world-writable directory) of /tmp/sqlite-3.8.11.2-e9e2b637-58e0-48d1-ae40-252d8ec526f8-libsqlitejdbc.so by /opt/icedtea-bin-3.1.0/bin/java[java:582] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/zsh[zsh:30800] uid/euid:1000/1000 gid/egid:1000/1000
so it doesn't work.

Discussion

  • Christian Foltin

    Christian Foltin - 2016-09-30

    Hi,

    the application can't control the way, icedtea installs its libraries. Would using openjdk be an option?
    HTH, Chris

     

  • Christian Foltin

    Christian Foltin - 2016-09-30
    • status: open --> wont-fix
     

  • L29Ah

    L29Ah - 2016-09-30

    It is not icedtea that copies the library in /tmp when offroadosm is ran.
    openjdk is icedtea, no?

     

  • Christian Foltin

    Christian Foltin - 2016-09-30

    Hi,

    well, I guess, that sqlite is doing that, but perhaps with the help of the JDK. At least OffRoad hasn't any influence on that. And with icedtea, I'm not an expert, but there are at least different packages...

    HTH, Chris

     

  • L29Ah

    L29Ah - 2016-10-01

    Ppl say you can override this behaviour: http://stackoverflow.com/a/26975881/4095104
    This should not be done in such a kludgy way i guess, but i don't even know who to bug about this library unpacking thing.

     

Log in to post a comment.

MongoDB Logo MongoDB