Java in Linux kernel: some issues

Joe Buck (jbuck@synopsys.com)
Tue, 14 May 96 10:16:38 PDT


Brian,

Good job putting in the Linux support, but I have some problems with
it. I'm worried about security; I don't see a mechanism to restrict
setuid Java binaries, and since a shell is used, this opens up a number
of security holes. (Pardon me if I missed something here).

Also, I'm troubled by wiring in paths to the kernel; this is done
nowhere else that I'm aware of. Any CD-ROM distributor that gets
permission from Sun to ship the JDK, for example, would need to modify
the kernel since the Linux filesystem standard forbids distributors
from putting anything in /usr/local. Furthermore you're requiring
/bin/bash: Linux needs bash to configure the kernel for building but
otherwise it's not a requirement. Finally a number of free Java
tools are becoming available; these may not work the same way as
the JDK ones, for example the interpreter might be replaced by a
just-in-time compiler that is not a script.

This problem might be dealt with by adding a level of indirection,
e.g. a configuration file (say /etc/java.conf) would contain the
commands needed to exec java applications and applets -- this file
could then be changed without modifying the kernel.

Joe Buck