RE: Runtime.exec security issue?
Any further thoughts on this issue? There must be some reason why this
won't run under Tomcat but does work stand-alone.
To recap, I am trying to execute the following code on an Xp box with Tomcat
5.0.27:
Process proc = runtime.exec(cmd.exe /C shutdown -r -f -m \\myPC -t 50);
int exitVal = proc.waitFor();
When this runs the proc exits with a value of 0 but nothing happens (no
re-boot) and no exceptions are thrown.
I have tried running the code from a batch file and without the cmd.exe /C
bit.
I have tried running Tomcat from the command line (not as service).
I have tried allowing all permissions in the catalina.policy file:
grant codeBase file:${catalina.home}/webapps/ROOT/WEB-INF/classes/- {
permission java.security.AllPermission *;
};
I CAN successfully set the the system time and date using the same approach
though.
I am truly flummoxed!
Thanks,
Andy
_
Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Runtime.exec security issue?
This behaviour makes sense to me as you are trying to display an application but there is not necessarily a windows display associated with Tomcat so it doesnt know where to launch the app to. And by the lack of error message i'd guess that the application is actually getting launched but not displayed on the console. -Original Message- From: andy wix [mailto:[EMAIL PROTECTED] Sent: 29 November 2004 09:45 To: [EMAIL PROTECTED] Subject: Runtime.exec security issue? Hi, I am trying to run a simple exec command to open notepad with code as follows: Runtime runtime = Runtime.getRuntime(); Process proc = runtime.exec(C:\\WINDOWS\\system32\\notepad.exe); This code works fine from a stand-alone program but not run under Tomcat. I CAN successfully set the the system time and date using the same approach though. I get the same results when Tomcat is not run as a service. I am running Xp with Tomcat 5.0.27. I thought this might be a java permissions issue, but I don't get any exceptions thrown - just nothing happens. Thanks, Andy _ Use MSN Messenger to send music and pics to your friends http://www.msn.co.uk/messenger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Runtime.exec security issue?
Hi Matt, I have tried running the Tomcat service with 'allow service to interact with desk top' checked in the service properties - I don't know if this should allow Tomat to know about Windows? Also, I don't think the application is actually getting launched as I don't see it in the processes list. Thanks, Andy _ Stay in touch with absent friends - get MSN Messenger http://www.msn.co.uk/messenger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Runtime.exec security issue?
You could be right. I still reckon that launching graphical programs from tomcat is gonna be a bit dicey. -Original Message- From: andy wix [mailto:[EMAIL PROTECTED] Sent: 29 November 2004 10:13 To: [EMAIL PROTECTED] Subject: RE: Runtime.exec security issue? Hi Matt, I have tried running the Tomcat service with 'allow service to interact with desk top' checked in the service properties - I don't know if this should allow Tomat to know about Windows? Also, I don't think the application is actually getting launched as I don't see it in the processes list. Thanks, Andy _ Stay in touch with absent friends - get MSN Messenger http://www.msn.co.uk/messenger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Runtime.exec security issue?
Hi, Actually, I was assuming this was a simple example of a runitme call. My real goal is to allow a privelidged user to re-boot the server with the following code: runtime.exec(cmd.exe /C shutdown -r -f -m \\myPC -t 50); I would also like to call a couple of batch files. These attempts have met with the same (nothing doing) response. Cheers Andy _ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Runtime.exec security issue?
Have you tried the shutdown command without launching cmd? This could also be a permissions thing if you are running as a service. By default the service will run as a non-priviliged user which you'd have to change in order to reboot. -Original Message- From: andy wix [mailto:[EMAIL PROTECTED] Sent: 29 November 2004 10:35 To: [EMAIL PROTECTED] Subject: RE: Runtime.exec security issue? Hi, Actually, I was assuming this was a simple example of a runitme call. My real goal is to allow a privelidged user to re-boot the server with the following code: runtime.exec(cmd.exe /C shutdown -r -f -m \\myPC -t 50); I would also like to call a couple of batch files. These attempts have met with the same (nothing doing) response. Cheers Andy _ It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Runtime.exec security issue?
Hi, I've tried without the cmd.exe bit and also I have tried with the service set to run as Administrator. Cheers Andy _ Stay in touch with absent friends - get MSN Messenger http://www.msn.co.uk/messenger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
