Improve handling of dynamicaly extracted native library #985
Comments
|
Just saw this while looking at something else. Do you really get a directory at |
|
JNA uses a user-specific directory unless you set the system property
jna.tmpdir (see
https://github.com/java-native-access/jna/blob/master/src/com/sun/jna/Native.java#L1277
).
If you're providing JNA as a standard system resource, then you should
really just install the shared library and avoid the automatic unpacking
and temporary file altogether.
…On Mon, Jul 9, 2018 at 12:29 PM, Neil C Smith ***@***.***> wrote:
Just saw this while looking at something else. Do you really get a
directory at /tmp/jna/!?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#985 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAuMrbhX9YBCGD7rCJYlYyRr7iySF8Zaks5uE4UEgaJpZM4VGRMT>
.
|
|
Ok - if someone wants to improve the situation, I'm all for it, BUT: The problem does not exist in the described manner. At least for the last five years, JNA uses For the security impact: Yes it is a race condition - an attacker can create a colliding directory with a library file, that has access permissions, that are wider than the umask of the calling user (if the umask of the user is that wide open, he/she has worse problems). It is a timing attack, as the file needs to be rewritten after JNA has expanded its embedded library. This should be improved. If someone wants to take this on, this is what I suggest:
That comment is relevant for |
matthiasblaesing
changed the title
…ive library. On Mac OS X systems `~/Library/Application Support/JNA/temp` and on other Unix like systems `$XDG_CACHE_DIR/JNA/temp` (Default value is: `~/.cache/JNA/temp`) is used. Behaviour on windows is unchanged, as since Vista the tempdir is by default inside the user profile directory. Closes: java-native-access#985
|
PR #1013 should address the problems. Please have a look at it. |
|
Hmm, it will still break when the same user runs separate JVMs with different versions of JNA... You forgot the "per native version" part :) |
|
Well, what is "per native version"? Wouldn't the ideal thing be for this all to be process segregated? In which case, I'm wondering whether a hash of the resource URL from the ClassLoader could be added to the folder or file name? |
|
I'd just pick a non-deterministic (random) value and call it a day. In our specific case on freenet, we have problems with the test-suite running the same code with different JVMs concurrently... and that seems to fail on occasion (probably because there's a race where the files get renamed/deleted and loaded by another JVM) |
|
I strongly doubt, that your problem is related to the extraction logic. From File dir = getTempDir();
lib = File.createTempFile(JNA_TMPLIB_PREFIX, Platform.isWindows()?".dll":null, dir);
if (!Boolean.getBoolean("jnidispatch.preserve")) {
lib.deleteOnExit();
}
fos = new FileOutputStream(lib);
int count;
byte[] buf = new byte[1024];
while ((count = is.read(buf, 0, buf.length)) > 0) {
fos.write(buf, 0, count);
}For your argumentation it is relevant, that
I don't see how this can clash - sure SecureRandom can create the same number twice. So you claim there is a security problem - that is fixed by my patch, as it moves the files into the users home -- if that is not secured, all is lost. You further claim there is an issue when creating the temp file, I don't see how this is possible with the construction above. Please provide stack traces and reasoning why you think there is an issue in JNA. |
…ive library. On Mac OS X systems `~/Library/Caches/JNA/temp` and on other Unix like systems `$XDG_CACHE_DIR/JNA/temp` (Default value is: `~/.cache/JNA/temp`) is used. Behaviour on windows is unchanged, as since Vista the tempdir is by default inside the user profile directory. Closes: java-native-access#985
…ive library. On Mac OS X systems `~/Library/Caches/JNA/temp` and on other Unix like systems `$XDG_CACHE_DIR/JNA/temp` (Default value is: `~/.cache/JNA/temp`) is used. Behaviour on windows is unchanged, as since Vista the tempdir is by default inside the user profile directory. Closes: java-native-access#985
|
@nextgens I merged the changeset as it improves the situation. I would be interested in your original problem - stacktraces/detailed logs would be helpful. Feel free to take this to the google group. |
JNA creates a temporary folder at a known location (harcoded path: /tmp/jna) to do its deed.
Unlike the system's temporary folder, it doesn't set the sticky bit on it... so on multi user systems, several problems arise :
I've located at least two separate occurences of the problem:
jna/src/com/sun/jna/Native.java
Line 1277 in d42375c
jna/contrib/platform/src/com/sun/jna/platform/win32/COM/tlb/TlbImp.java
Line 138 in ea9de70
In both cases, the easy fix is to make the directory name "instance" specific with an unpredictable path:
https://docs.oracle.com/javase/7/docs/api/java/nio/file/Files.html#createTempDirectory(java.lang.String,%20java.nio.file.attribute.FileAttribute...)
Seems irrelevant... but it does affect 4.5.1
The text was updated successfully, but these errors were encountered: