jnr / jffi

Java Foreign Function Interface
Apache License 2.0

allow override of tmp dir to extract jffi native stub #79

Closed (rpdai closed 4 years ago)

rpdai commented 4 years ago

Hi, I would like a new property to be able to override the StubLoader's use of java.io.tmpdir with another directory.

In commit b0992bb64fb91a506e04b3ad02fde239198815e3 there is now a very clear error recommending to have the tmp directory be noexec. However, given the large number of libraries that can potentially use java.io.tmpdir, this raises a security concern. Especially for web servers where there is a desire to lock down the temp directory for uploads/downloads, it would be great to put noexec on it. Executable temporary files are the exception rather than the rule, and so it's best if they can be handled separately.

JFFI does provide some boot path options already, which is helpful, however these do not extract the stub from the jar.

See https://github.com/lmdbjava/lmdbjava/issues/155 for an example of a downstream library using JFFI, which is now able to customize its own shared library location.

headius commented 4 years ago

You make a good point. I don't see a problem with this. Perhaps you can propose a PR and we can iterate on that a bit until it behaves like we want?

headius commented 4 years ago

@rpdai I have pushed #81, if you want to give it a try. I'll proceed with releasing it at some point, but I'd like to have your feedback.

rpdai commented 4 years ago

@headius that's fantastic! I'll take a look

headius commented 4 years ago

@rpdai I'm happy to merge and release that change, but it would be great if you could confirm it works for you!

headius commented 4 years ago

Fixed by #81 using property jffi.extract.dir.
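
The deployment pattern this issue asks for, as an added example that is not part of the thread or of the jffi project: keep `java.io.tmpdir` on a noexec mount and point `jffi.extract.dir` at a separate owner-only directory. It assumes a Linux `/proc/mounts`-style file; the function names and sample paths are hypothetical, and only the property name `jffi.extract.dir` comes from the thread.

```shell
#!/bin/sh
# Added example (not from the jffi project): keep java.io.tmpdir noexec and
# hand JFFI a private, executable directory through -Djffi.extract.dir.

# mount_opts PATH MOUNTS: options of the mount covering PATH (longest matching
# mount point wins), read from a /proc/mounts-style file.
mount_opts() {
    awk -v p="$1" '
        { mp = $2
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) >= best) {
              best = length(mp); opts = $4 } }
        END { print opts }' "$2"
}

# is_noexec PATH MOUNTS: succeeds when PATH sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# jffi_jvm_flags TMPDIR EXTRACT_DIR MOUNTS: create EXTRACT_DIR owner-only and
# print the JVM flags; fail when the layout would not work or would not help.
jffi_jvm_flags() {
    if ! is_noexec "$1" "$3"; then
        echo "error: $1 is not mounted noexec" >&2; return 1
    fi
    if is_noexec "$2" "$3"; then
        echo "error: $2 is noexec, the extracted stub could not be loaded" >&2; return 1
    fi
    mkdir -p "$2" && chmod 700 "$2" || return 1
    printf '%s\n' "-Djava.io.tmpdir=$1 -Djffi.extract.dir=$2"
}

# Constructed sample: a scratch directory stands in for the real paths, with a
# noexec tmp mount and an extraction directory on the ordinary root mount.
demo() {
    base=$(mktemp -d) || return 1
    cat > "$base/mounts" <<EOF
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs $base/tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
    jffi_jvm_flags "$base/tmp" "$base/jffi" "$base/mounts"
    rm -rf "$base"
}
demo
```

On a real host, pass `/proc/mounts` as the third argument and hand the printed flags to the `java` command line, so the property is set before any JFFI class loads.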