Posted to dev@commons.apache.org by Travis McLeskey <tr...@mac.com> on 2006/12/15 21:37:19 UTC

permissions downgrading in commons-daemon jsvc

Hi,

The child() function in jsvc-unix.c does not seem to behave consistently across platforms:

- on Linux, the capabilities and uid are set (in linuxset_user_group()) BEFORE java_init() and java_load() are called
- on other platforms, set_user_group() is called AFTER java_init() and java_load()

I see that the logic has worked that way since jsvc came over from Tomcat. A comment in jsvc-unix.c says that "setuid()/setgid() only apply the current thread so we must do it now", but I don't understand that.

Does anyone remember the rationale for this inconsistency? Does it still need to work that way?

My specific problem is that, in my Daemon.init() method, I'm trying to read files that are owned and readable only by the user invoking jsvc (root, in my case), but it can't read those files after linuxset_user_group() is called. (One workaround would be to add CAP_DAC_OVERRIDE to CAPS and CAPSMIN.)

Thanks,
Travis


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Re: permissions downgrading in commons-daemon jsvc

Posted by Bill Barker <wb...@wilshire.com>.
"Travis McLeskey" <tr...@mac.com> wrote in message 
news:83E71686-010F-1000-E077-CE9268EBC82D-Webmail-10018@mac.com...
> Hi,
>
> The child() function in jsvc-unix.c does not seem to behave consistently 
> across platforms:
>
> - on Linux, the capabilities and uid are set (in linuxset_user_group()) 
> BEFORE java_init() and java_load() are called
> - on other platforms, set_user_group() is called AFTER java_init() and 
> java_load()
>
> I see that the logic has worked that way since jsvc came over from Tomcat. 
> A comment in jsvc-unix.c says that "setuid()/setgid() only apply the 
> current thread so we must do it now", but I don't understand that.
>
> Does anyone remember the rationale for this inconsistency? Does it still 
> need to work that way?
>

I don't have a Linux box to play with right now, so I don't know.  Maybe 
with the newer kernel versions it isn't necessary anymore.  The problem was 
a security hole where on Linux other threads in the JVM (e.g. finalizer) 
would retain root privileges.

I've never liked this piece of code, so would happily get rid of it. But I'm 
not in a position to confirm that the newer Linux kernels have joined the 
rest of the *nix world :).


> My specific problem is that, in my Daemon.init() method, I'm trying to 
> read files that are owned and readable only by the user invoking jsvc 
> (root, in my case), but it can't read those files after 
> linuxset_user_group() is called. (One workaround would be to add 
> CAP_DAC_OVERRIDE to CAPS and CAPSMIN.)
>
> Thanks,
> Travis 
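
The concern raised in this reply, that some threads of a process may keep root credentials after another thread has dropped them, can be checked on a running Linux process by reading each thread's `Uid:` line under `/proc/<pid>/task/`. The following is an added example, not code from jsvc or from either poster; the function names `thread_euid` and `audit_thread_euids` are hypothetical.

```c
#include <dirent.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective uid of one thread, from /proc/<pid>/task/<tid>/status.
 * Returns 0 on success, -1 if the file is unreadable or has no Uid: line. */
static int thread_euid(pid_t pid, const char *tid, unsigned *euid)
{
    char path[512], line[256];
    unsigned ruid;
    int rc = -1;
    FILE *f;
    snprintf(path, sizeof path, "/proc/%ld/task/%s/status", (long)pid, tid);
    if ((f = fopen(path, "r")) == NULL)
        return -1;
    /* Line format: "Uid:\t<real>\t<effective>\t<saved>\t<fs>" */
    while (rc != 0 && fgets(line, sizeof line, f) != NULL)
        if (sscanf(line, "Uid: %u %u", &ruid, euid) == 2)
            rc = 0;
    fclose(f);
    return rc;
}

/* Count the threads of pid whose effective uid differs from expected.
 * *seen receives the number of threads examined; returns -1 on error. */
int audit_thread_euids(pid_t pid, uid_t expected, int *seen)
{
    char path[64];
    struct dirent *e;
    unsigned euid;
    int bad = 0;
    DIR *d;

    *seen = 0;
    snprintf(path, sizeof path, "/proc/%ld/task", (long)pid);
    if ((d = opendir(path)) == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.')
            continue;                 /* skip "." and ".." */
        if (thread_euid(pid, e->d_name, &euid) != 0)
            continue;                 /* thread exited while we were scanning */
        (*seen)++;
        bad += (euid != (unsigned)expected);
    }
    closedir(d);
    return bad;
}
```

A non-zero return for the pid of a daemon that is supposed to run as an unprivileged user means at least one of its threads still has a different effective uid.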



