You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "Tibor Kiss (JIRA)" <ji...@apache.org> on 2017/02/24 07:14:44 UTC

[jira] [Updated] (STORM-2348) Capability support in worker-launcher

     [ https://issues.apache.org/jira/browse/STORM-2348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tibor Kiss updated STORM-2348:
------------------------------
    Summary: Capability support in worker-launcher  (was: setuid(0) & setgid call results are not checked in worker-launcher)

> Capability support in worker-launcher
> -------------------------------------
>
>                 Key: STORM-2348
>                 URL: https://issues.apache.org/jira/browse/STORM-2348
>             Project: Apache Storm
>          Issue Type: Improvement
>          Components: storm-core
>            Reporter: Tibor Kiss
>            Assignee: Tibor Kiss
>
> worker-launcher elevates it's privileges using {{setuid(0)}} and {{setgid(group_info->gr_gid)}} calls:
> https://github.com/apache/storm/blob/master/storm-core/src/native/worker-launcher/impl/main.c#L116-L119
> The current implementation does not validate the return value of those calls, rather it checks' the privileges (setuid + root ownership) of the binary through {{check_executor_binary()}}
> This approach works correctly, but it could be improved: 
> If we'd check the return values of setuid(0) & setgid() and drop the binary check it would be possible to gain elevated privileges using CAP_SETUID & CAP_SETGID. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)