commons-dev mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: permissions downgrading in commons-daemon jsvc
Date Sat, 16 Dec 2006 04:14:01 GMT

"Travis McLeskey" <trav@mac.com> wrote in message 
news:83E71686-010F-1000-E077-CE9268EBC82D-Webmail-10018@mac.com...
> Hi,
>
> The child() function in jsvc-unix.c does not seem to behave consistently 
> across platforms:
>
> - on Linux, the capabilities and uid are set (in linuxset_user_group()) 
> BEFORE java_init() and java_load() are called
> - on other platforms, set_user_group() is called AFTER java_init() and 
> java_load()
>
> I see that the logic has worked that way since jsvc came over from Tomcat. 
> A comment in jsvc-unix.c says that "setuid()/setgid() only apply the 
> current thread so we must do it now", but I don't understand that.
>
> Does anyone remember the rationale for this inconsistency? Does it still 
> need to work that way?
>

I don't have a Linux box to play with right now, so I don't know.  Maybe 
with the newer kernel versions it isn't necessary anymore.  The problem was 
a security hole where on Linux other threads in the JVM (e.g. finalizer) 
would retain root privileges.

I've never liked this piece of code, so would happily get rid of it. But I'm 
not in a position to confirm that the newer Linux kernels have joined the 
rest of the *nix world :).


> My specific problem is that, in my Daemon.init() method, I'm trying to 
> read files that are owned and readable only by the user invoking jsvc 
> (root, in my case), but it can't read those files after 
> linuxset_user_group() is called. (One workaround would be to add 
> CAP_DAC_OVERRIDE to CAPS and CAPSMIN.)
>
> Thanks,
> Travis 




---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
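
The reply above describes threads in the JVM keeping root after the privilege drop. The following is an added example, not part of the thread and not jsvc code: a Linux-only check that reads the per-thread `Uid:` line under `/proc/self/task` and counts threads whose real, effective, saved or filesystem uid is not the expected one. The helper name `threads_not_running_as` is hypothetical.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse the "Uid:" line (real, effective, saved, filesystem uid) of one
 * /proc status file. Returns 0 on success, -1 if missing or unreadable. */
static int read_task_uids(const char *path, unsigned int uids[4])
{
    char line[256];
    int found = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (strncmp(line, "Uid:", 4) == 0 &&
            sscanf(line + 4, "%u %u %u %u",
                   &uids[0], &uids[1], &uids[2], &uids[3]) == 4) { found = 0; break; }
    fclose(f);
    return found;
}

/* Hypothetical helper: count threads of the calling process for which any of
 * the four uids differs from `expected`. An unreadable thread is counted as
 * a mismatch (fail closed). Returns -1 if /proc/self/task cannot be opened. */
int threads_not_running_as(uid_t expected)
{
    char path[288];
    unsigned int uids[4];
    struct dirent *e;
    int bad = 0;
    DIR *d = opendir("/proc/self/task");
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;          /* skip "." and ".." */
        snprintf(path, sizeof path, "/proc/self/task/%s/status", e->d_name);
        if (read_task_uids(path, uids) != 0) { bad++; continue; }
        for (int i = 0; i < 4; i++)
            if (uids[i] != (unsigned int)expected) { bad++; break; }
    }
    closedir(d);
    return bad;
}

int main(void)
{
    int bad = threads_not_running_as(getuid());
    printf("threads with unexpected uid: %d\n", bad);
    return bad == 0 ? 0 : 1;
}
```

Called with the target uid right after a privilege drop in a multi-threaded process, a non-zero result means at least one thread did not switch.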

