On platform Window, we don't validate whether the temp dir
for native libraries has executable-access.
On some systems, the TEMP dir only has write-access,
but no executable-access.
IOUtil.getOSHasNoexecFS() for WINDOWS
currently returns true, i.e. we don't check executable-access.
We need to return false to perform the check and offer a workaround,
maybe similar to Bug 865.
As is, non executable temp folder will result in an exception like:
Exception in thread "AWT-EventQueue-0" java.lang.UnsatisfiedLinkError: C:\Users\ram dhuley\AppData\Local\Temp\jogamp_0000\file_cache\jln7241190548013054463\jln8954501619229889979\gluegen-rt.dll: Access is denied
Test executable permission on Windows via bat file
(temp dir, like on unix and osx).
Tested on Window 7 and Windows 8.1 using 'Using Software Restriction Policies',
i.e. disabled sw-execution in TEMP dir.
On Windows we need to add min. shell code, here 'echo off',
allowing the bat file to be executed if policy allows it.
Reminder: We test the following temp folder
3) $TMPDIR/jogamp or $TEMP/jogamp
Proper 'duplicate' validation via 'file1.equals(file2)' test
using the abstract pathname.
Software Restriction Policies
Software Restriction Policies Technical Overview
Administer Software Restriction Policies
On local machine (needs admin account, Win >= 8 professional ?!)
- Open Control Panel
- Search and Open: Administrative Tools
- Open: Local Security Policy
- Open: Software Restriction Policies
Now create an additional rule, like:
- Path Rule for C:\Temp\no-exec
- Security level: Disallowed
"There is no analog to a "noexec" mount for filesystems in Windows. Microsoft's conception of the simple "Read" permission includes the right to execute (since execution really is just the loader reading the image into memory).
You can modify the "Advanced" version of the permission to remove (or deny) "Traverse Folder / Execute File" permission. This will prevent double-click or command-line execution of .EXE files. .BAT and .CMD files will not execute from a double-click in Explorer, but they will still execute from a command prompt or using the syntax "CMD /c " from Start / Run."