Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve detection for noexec for default extraction location #1059

Open
maloewe-ona opened this issue Jan 30, 2024 · 2 comments
Open

Improve detection for noexec for default extraction location #1059

maloewe-ona opened this issue Jan 30, 2024 · 2 comments
Labels
enhancement

Comments

@maloewe-ona
Copy link

maloewe-ona commented Jan 30, 2024
edited
Loading

Is your feature request related to a problem? Please describe.
When /tmp is mounted as noexec on Linux, sqlite-jdbc fails to load the native library with an error similar to the following:

java.lang.UnsatisfiedLinkError: /tmp/sqlite-...-libsqlitejdbc.so: /tmp/sqlite-...-libsqlitejdbc.so: failed to map segment from shared object

Users can fix this by not mounting /temp as noexec, or by specifying a custom java.io.tmpdir or org.sqlite.tmpdir system property value pointing to an (existing) directory with execution permission.
But just based on the UnsatisfiedLinkError above, it might not obvious to users what the cause is, or how to fix it.

See related issues:

Describe the solution you'd like
sqlite-jdbc should try to detect noexec or other permission errors and report them properly before trying to load the native library and causing an UnsatisfiedLinkError,
or better (?) trigger an UnsatisfiedLinkError but attach additional information, such as whether permissions are correct.

Additionally it could suggest to set the java.io.tmpdir or org.sqlite.tmpdir system property value to an (existing) directory with execution permission.

Additional context
Maybe the checks in SQLiteJDBCLoader.extractAndLoadLibraryFile should be improved:

sqlite-jdbc/src/main/java/org/sqlite/SQLiteJDBCLoader.java

Lines 207 to 209 in 2e336d9

extractedLibFile.toFile().setReadable(true);
extractedLibFile.toFile().setWritable(true, true);
extractedLibFile.toFile().setExecutable(true);

Issues with the current implementation:

  • It does not check the return value of the setReadable, ... calls
  • After the setExecutable call it should call file.canExecute()
    It seems for noexec file.setExecutable(true) succeeds but file.canExecute() is still false afterwards, so it could be detected like this.

However, I am not that familiar with Linux and the implementation details of java.io.File, so maybe there are cases where for example setReadable, ... fails but the library can still be loaded.
So maybe these checks should only be performed if an UnsatisfiedLinkError occurs, to provide additional troubleshooting information.

Potentially useful: netty/netty#6707, but I am not sure if using PosixFilePermission is really needed or if using the java.io.File API suffices.
@michael-o
Copy link
Contributor

See also:

@jdev-2020
Copy link
Contributor

use this system property to set another extraction location https://github.com/xerial/sqlite-jdbc/blob/master/src/main/java/org/sqlite/SQLiteJDBCLoader.java#L81

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@michael-o @gotson @jdev-2020 @maloewe-ona