search

RawrUniversal / xerial

Automatically exported from code.google.com/p/xerial
0 stars 1 forks source link

jdbc: native driver requires 'exec' permissions on /tmp partition #58

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Some unix/linux system administrators mount their /tmp partition with the
'noexec' flag for improved security.  (This blocks malicious software from
deploying an installer into the /tmp directory and launching it.  This
complements mounting /home with the 'noexec' flag.)

Unfortunately native libraries (*.so) require 'exec' permission to
function. The jdbc driver will deploy the native library but be unable to
load it.  The pure java driver still works so there's no loss of
functionality but it's frustrating if you expected to be running the native
driver.

A reasonable workaround is documenting a way to specify a different
location for the native library.  This would allow the system administrator
to grab the native library and put it in a trusted location (e.g.,
/var/local/lib) that has the 'exec' flag set.  N.B., the driver will not be
able to deploy to this location, but it could use a library that the system
administrator has already vetted and put into the system.

This is sqlite-jdbc 3.6.20 on Linux.

Original issue reported on code.google.com by bgiles%c...@gtempaccount.com on 10 Mar 2010 at 8:29

GoogleCodeExporter commented 8 years ago 
I will add a configuration parameter for setting the temporary folder location 
to which 
the native driver is deployed.

Original comment by taroleo on 11 Mar 2010 at 12:11

GoogleCodeExporter commented 8 years ago 
Hi Giles, 

I found another workaround for this problem. Set "java.io.tmpdir" property to 
anywhere you want, because our sqlite-jdbc library extract *.so files into that 
directory. 

For example, you can use JVM option parameter:
java -Djava.io.tmpdir=/home/leo/tmp (your program) ...

Or, you can set that parameter inside the program:
System.setProperty("java.io.tmpdir", "/home/leo/tmp");

Are these solutions are sufficient for your needs?

Original comment by taroleo on 11 Mar 2010 at 7:03

GoogleCodeExporter commented 8 years ago

Original comment by taroleo on 12 Mar 2010 at 9:14

GoogleCodeExporter commented 8 years ago

Original comment by taroleo on 12 Mar 2010 at 9:16