search

NeuronRobotics / nrjavaserial

A Java Serial Port system. This is a fork of the RXTX project that uses in jar loading of the native code.
Other
344 stars 143 forks source link

native libraries not loading when the temp directory is mounted `noexec` #155

Closed hauntingEcho closed 4 years ago

hauntingEcho commented 4 years ago

Currently, when java.io.tmpdir is mounted on a noexec filesystem (as is a common recommendation for the temp directory) nrjavaserial will fail to load its native libraries.

This ends up giving the user errors such as:

Launching the openHAB runtime...
/openhab/userdata/tmp/libNRJavaSerialv8_HF_openhab_0/libNRJavaSerialv8_HF.so: /openhab/userdata/tmp/libNRJavaSerialv8_HF_openhab_0/libNRJavaSerialv8_HF.so: failed to map segment from shared object
/openhab/userdata/tmp/libNRJavaSerialv8_openhab_0/libNRJavaSerialv8.so: /openhab/userdata/tmp/libNRJavaSerialv8_openhab_0/libNRJavaSerialv8.so: cannot open shared object file: No such file or directory
/openhab/userdata/tmp/libNRJavaSerialv7_HF_openhab_0/libNRJavaSerialv7_HF.so: /openhab/userdata/tmp/libNRJavaSerialv7_HF_openhab_0/libNRJavaSerialv7_HF.so: failed to map segment from shared object
/openhab/userdata/tmp/libNRJavaSerialv7_openhab_0/libNRJavaSerialv7.so: /openhab/userdata/tmp/libNRJavaSerialv7_openhab_0/libNRJavaSerialv7.so: cannot open shared object file: No such file or directory
/openhab/userdata/tmp/libNRJavaSerialv6_HF_openhab_0/libNRJavaSerialv6_HF.so: /openhab/userdata/tmp/libNRJavaSerialv6_HF_openhab_0/libNRJavaSerialv6_HF.so: failed to map segment from shared object
/openhab/userdata/tmp/libNRJavaSerialv6_openhab_0/libNRJavaSerialv6.so: /openhab/userdata/tmp/libNRJavaSerialv6_openhab_0/libNRJavaSerialv6.so: cannot open shared object file: No such file or directory
/openhab/userdata/tmp/libNRJavaSerialv5_openhab_0/libNRJavaSerialv5.so: /openhab/userdata/tmp/libNRJavaSerialv5_openhab_0/libNRJavaSerialv5.so: cannot open shared object file: No such file or directory
java.lang.UnsatisfiedLinkError: gnu.io.RXTXCommDriver.nativeGetVersion()Ljava/lang/String; thrown while loading gnu.io.RXTXCommDriver
java.lang.NoClassDefFoundError: Could not initialize class gnu.io.RXTXCommDriver thrown while loading gnu.io.RXTXCommDriver
java.lang.NoClassDefFoundError: Could not initialize class gnu.io.RXTXCommDriver thrown while loading gnu.io.RXTXCommDriver

Being able to configure the library used for dynamic loading, separately from the general temp directory, would be appreciated. It's currently set to the tmpdir here: https://github.com/NeuronRobotics/nrjavaserial/blob/aabb2fad00cabdb7c16be6e247c2d3121bafa780/src/main/java/gnu/io/NativeResource.java#L229

madhephaestus commented 4 years ago

To specify the java.io.tmpdir System property, you can invoke the JVM as follows:

java -Djava.io.tmpdir=/path/to/tmpdir

at runtime for your application with strange mount permissions.

hauntingEcho commented 4 years ago

to clarify a bit, the use case for this is a web interface control for a sensor network. As web-facing things tend to be a target for attack, setting noexec on Java's general java.io.tmpdir makes vulnerabilities more difficult to exploit. I'm aware that the value of java.io.tmpdir can be changed - the question in this ticket was about disconnecting the piece which needs to be able to execute generated code (in NativeResource) from the general Java temp directory (which should not really be executing code coming from a web interface). Apologies if my original post was unclear.