tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jean-frederic clere <jfrederic.cl...@fujitsu-siemens.com>
Subject Re: [Kin-Man] Jasper compiling wrong stuff in the wrong place...
Date Wed, 22 May 2002 08:53:22 GMT
Pier Fumagalli wrote:
> 
> "jean-frederic clere" <jfrederic.clere@fujitsu-siemens.com> wrote:
> 
> > Pier Fumagalli wrote:
> >>
> >> "jean-frederic clere" <jfrederic.clere@fujitsu-siemens.com> wrote:
> >>
> >>> Pier Fumagalli wrote:
> >>>>
> >>>> "Remy Maucherat" <remm@apache.org> wrote:
> >>>>
> >>>>> Thanks for the report Pier. I had been wondering for AGES why the
CL would
> >>>>> reload the webapp "randomly" after accessing a JSP, telling that
a bean
> >>>>> class had been modified. I couldn't find a reason why it was a bug
(the
> >>>>> logging I added to investigate this displayed different dates which
didn't
> >>>>> appear bogus), but I failed to undestand why it happened.
> >>>>
> >>>> Yeah, I wonder why noone actually noticed this before... Am I the only
> >>>> idiot
> >>>> using TC4 in a secure production environment? (Meaning, chrooted JVM
and
> >>>> suid execution, with access only to the "work" directory)?
> >>>
> >>> Last time I have tried this I noted that it did not work: TC tries to
> >>> write in several places (at least conf and webapps).
> >>
> >> Conf works... I'll never give him access to my configurations directory...
> >> :) One trick is _never_ to put any source .java file anywhere in the WEB-INF
> >> directory, so that the "useBean" thing won't try to compile them (or at
> >> least, it seems to be working this way)
> >
> > What are you using to make chroot, setuid and co?
> 
> Oh, not that hard... This works on Solaris, the trick is set up your entire
> CHROOTED environment (finding library dependancies, and that kind of crap).

I am trying to use jakarta-commons-sandbox/daemon (so that the TC runs on port
80 or 88).
Probably that adds some dependancy to the JVM...

> 
>     Pier
> 
> #include <sys/types.h>
> #include <unistd.h>
> #include <string.h>
> #include <errno.h>
> #include <stdio.h>
> #include <pwd.h>
> 
> int main(int argc, char *argv[]) {
>     struct passwd *user=NULL;
>     char **args=NULL;
>     int x;
> 
>     if (argc<4) {
>         fprintf(stderr, "Usage: %s [user] [chroot] [command]
> [...]\n",argv[0]);
>         return(1);
>     }
> 
>     if ((user=getpwnam(argv[1]))==NULL) {
>         fprintf(stderr, "%s cannot retrieve user \"%s\"
> profile\n",argv[0],argv[1]);
>         return(2);
>     }
> 
>     if (chroot(argv[2])!=0) {
>         fprintf(stderr, "%s cannot chroot to \"%s\"\n",argv[0],argv[2]);
>         return(2);
>     }
> 
>     if (setgroups(1,&user->pw_gid)!=0) {
>         fprintf(stderr, "%s cannot set groups id\n", argv[0]);
>         return(2);
>     }
> 
>     if (setgid(user->pw_gid)!=0) {
>         fprintf(stderr, "%s cannot set effective group id\n", argv[0]);
>         return(2);
>     }
> 
>     if (setegid(user->pw_gid)!=0) {
>         fprintf(stderr, "%s cannot set real group id\n", argv[0]);
>         return(2);
>     }
> 
>     if (setuid(user->pw_uid)!=0) {
>         fprintf(stderr, "%s cannot set effective user id\n", argv[0]);
>         return(2);
>     }
> 
>     if (seteuid(user->pw_uid)!=0) {
>         fprintf(stderr, "%s cannot set real user id\n", argv[0]);
>         return(2);
>     }
> 
>     args=(char **)malloc((argc-2)*sizeof(char *));
>     for (x=3; x<argc; x++) args[x-3]=argv[x];
>     args[argc-2]=NULL;
> 
>     execvp(argv[3], args);
>     fprintf(stderr, "%s: %s: %s\n", argv[0], argv[3], strerror(errno));
> }
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message