Message-Id: <200209132001.WAA09258@smtp.hccnet.nl>
From: Ernst de Haan
Organization: FreeBSD Project
To: audit@FreeBSD.org
Cc: Ari Suutari, Kris Kennaway, java@FreeBSD.org
Subject: daemonctl.c: setuid/setgid
Date: Fri, 13 Sep 2002 22:01:48 +0200

Dear audit :)

Hereby I request a review of a patch for a daemon control program. The file in question is:

   ports/www/jakarta-tomcat4/files/daemonctl.c

This program is specifically written for controlling the starting and stopping of Java-based web servers and application servers. The idea is that anyone in a certain group (typically group 'www') can call this program. The program will then assume a certain identity (typically user 'www') before starting the Java virtual machine. The daemonctl program is installed as both setuid and setgid.

This daemonctl program is first preprocessed by the makefile to customize it for a certain web/application server.
The daemonctl program is used for these ports:

   o Tomcat 3.x (www/jakarta-tomcat3)
   o Tomcat 4.0.x (www/jakarta-tomcat4)
   o Tomcat 4.1.x (www/jakarta-tomcat41)
   o Orion/stable (www/orion)
   o Orion/current (www/orion-devel)
   o JBoss 2.x (java/jboss2)
   o JBoss 3.x (java/jboss3)

The problem is that a number of Java virtual machines need an environment to be set up before starting up. This includes the native FreeBSD JDK 1.3.1 (from ports/java/jdk13).

A suggested solution (by Ari Suutari) is that at the beginning of the daemonctl program the following code is executed:

   setuid(geteuid()); setgid(getegid())

(Just above the ``argument = argv[1];'' line).

I ask for this review because I don't know what the exact consequences of this are. Kris suggested that I should get this reviewed by audit.

Is it okay to commit these changes or would they impact security?

SEE ALSO:

1. The thread about this subject on freebsd-java:
   http://www.geocrawler.com/mail/thread.php3?subject=Jboss3ctl+update+%28I+think+I+know+the+problem%29&list=162

2. The CVS log for daemonctl.c:
   http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/jakarta-tomcat4/files/daemonctl.c
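
The identity change proposed in the message, written out with return-value and post-condition checks, as an added example that is not part of the original message and is not the code in daemonctl.c. The function name adopt_effective_ids is hypothetical, and it changes the group ID before the user ID, which is the conventional order rather than the order quoted in the message.

```c
/* Added example (not from daemonctl.c): make a set-user-ID/set-group-ID
 * wrapper's effective IDs its real IDs before it starts another program. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 on success, -1 if the process does not
 * end up with real == effective IDs; the caller must then not exec. */
int adopt_effective_ids(void)
{
    uid_t uid = geteuid();   /* identity granted by the set-user-ID bit  */
    gid_t gid = getegid();   /* identity granted by the set-group-ID bit */

    /* Group first: if the effective user ID were root, changing the user
     * ID first would give up the privilege an arbitrary setgid() needs. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the result instead of trusting the calls. FreeBSD's setuid(2)
     * sets the real, effective and saved IDs together; on a system where an
     * unprivileged setuid() changes only the effective ID, this check
     * fails closed instead of running the child with mixed IDs. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    printf("before: ruid=%ld euid=%ld rgid=%ld egid=%ld\n",
           (long)getuid(), (long)geteuid(), (long)getgid(), (long)getegid());
    if (adopt_effective_ids() != 0) {
        fprintf(stderr, "could not adopt effective IDs, not continuing\n");
        return 1;
    }
    printf("after:  ruid=%ld euid=%ld rgid=%ld egid=%ld\n",
           (long)getuid(), (long)geteuid(), (long)getgid(), (long)getegid());
    /* Supplementary groups are not changed here: they remain the caller's. */
    return 0;
}
```

After a successful call the started program sees the target user and group as its real IDs, and the wrapper can no longer switch back to the invoking user.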