Closed hauntingEcho closed 4 years ago
To specify the java.io.tmpdir System property, you can invoke the JVM as follows:
java -Djava.io.tmpdir=/path/to/tmpdir
at runtime for your application with strange mount permissions.
to clarify a bit, the use case for this is a web interface control for a sensor network. As web-facing things tend to be a target for attack, setting noexec
on Java's general java.io.tmpdir
makes vulnerabilities more difficult to exploit. I'm aware that the value of java.io.tmpdir
can be changed - the question in this ticket was about disconnecting the piece which needs to be able to execute generated code (in NativeResource
) from the general Java temp directory (which should not really be executing code coming from a web interface). Apologies if my original post was unclear.
Currently, when
java.io.tmpdir
is mounted on anoexec
filesystem (as is a common recommendation for the temp directory) nrjavaserial will fail to load its native libraries.This ends up giving the user errors such as:
Being able to configure the library used for dynamic loading, separately from the general temp directory, would be appreciated. It's currently set to the tmpdir here: https://github.com/NeuronRobotics/nrjavaserial/blob/aabb2fad00cabdb7c16be6e247c2d3121bafa780/src/main/java/gnu/io/NativeResource.java#L229