Invoking the Java from C++ in Linux: missing libverify.so

[Danny Woods]

Hi all,

Firstly, sorry for the cross-post: hopefully you'll agree that the
question is relevent to both audiences...

A recent project has me invoking the Java Virtual Machine from within a
small C++ startup program: this is primarily to allow me to use the
native setuid method to assume root privileges long enough to bind low
ports in Java while having the service as a whole run as a
non-privileged user. The bulk (i.e. several thousand vs. about twenty
lines) of the code is Java.

Compiling the native code on SuSE 8.2 using GCC 3.3 is:

g++ server.cc -o server -g -I /opt/j2sdk1.4.2/include -I
/opt/j2sdk1.4.2/include/linux -L /opt/j2sdk1.4.2/jre/lib/i386 -L
/opt/j2sdk1.4.2/jre/lib/i386/server -ljvm -lverify

This compiles and links without so much as a warning. Running it,
however, leads to the following error:

../server: error while loading shared libraries: libverify.so: cannot
open shared object file: No such file or directory

Sure enough, running ldd over the executable produces the following:

libjvm.so => /opt/j2sdk1.4.2/jre/lib/i386/server/libjvm.so (0x40026000)
libverify.so => not found
libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x4044b000)
libm.so.6 => /lib/libm.so.6 (0x40503000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x40526000)
libc.so.6 => /lib/libc.so.6 (0x4052e000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40661000)
libdl.so.2 => /lib/libdl.so.2 (0x40676000)
libpthread.so.0 => /lib/libpthread.so.0 (0x40679000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

But running ldconfig -p correctly locates libverify.so:

libverify.so (libc6, hwcap: 0x1000000000000) =>
/opt/j2sdk1.4.2/jre/lib/i386/libverify.so

Although I have no idea what the 'hwcap' field is, and Google hasn't
been very helpful on this one (I have, of course, put the library
directories into /etc/ld.so.conf rather than setting LD_LIBRARY_PATH,
as the latter's ignored for setuid executables).

Has anyone come across something like this before? Any ideas on a
solution?

Many thanks,

Danny.

 

[IP Freely]

libverify.so (libc6, hwcap: 0x1000000000000) =>
/opt/j2sdk1.4.2/jre/lib/i386/libverify.so

Have you tried adding /opt/j2sdk1.4.2/jre/lib/i386 to your LD_LIBRARY_PATH?

 

[Wendy S]

A recent project has me invoking the Java Virtual Machine from within a
small C++ startup program:

This sounds familiar to jumping through hoops to get Java to work with PHP.
That is essentially running Java from C code. Take a look at:
http://us4.php.net/manual/en/ref.java.php
particularly the comments at the very bottom.

 

[Danny Woods]

Have you tried adding /opt/j2sdk1.4.2/jre/lib/i386 to your LD_LIBRARY_PATH?

Thanks for the suggestion, but that's unfortunately not an option. The reason
I'm going to these lengths is to prevent the java process from running as root.
This means that I have to have a regular, userland executable owned by root
and with the sticky user bit set: LD_LIBRARY_PATH is ignored for such
executables.

Thanks,

Danny.

 

[Peter T. Breuer]

Thanks for the suggestion, but that's unfortunately not an option. The reason
I'm going to these lengths is to prevent the java process from running as root.
This means that I have to have a regular, userland executable owned by root
and with the sticky user bit set: LD_LIBRARY_PATH is ignored for such
executables.

You need a suid shell and a script which calls the suid shell and then
sets LD_LIBRARY_PATH and then calls (a non suid) executable. sudo and
sperl and suidexec are candidates

Peter