|Anonymous | Login | Signup for a new account||08-04-2020 10:15 PDT|
|Main | My View | View Issues | Change Log | Docs|
|Viewing Issue Advanced Details [ Jump to Notes ]||[ View Simple ] [ Issue History ] [ Print ]|
|ID||Category||Severity||Reproducibility||Date Submitted||Last Update|
|0003330||[Resin]||major||always||02-09-09 02:02||03-18-09 11:07|
|ETA||none||Fixed in Version||4.0.0||Product Version||3.2.1|
|Summary||0003330: Resin running in root (0) group although configured otherwise (WARNING: potential privilege escalation bug!)|
I run Resin as root with the following passage in the server-default section in resin.xml:
Thus resin should run as user httpd in group httpd.
Then I run the following PHP file from within Quercus:
The output is:
uid=1003(httpd) gid=1003(httpd) groups=0(root)
The expected output would be:
uid=1003(httpd) gid=1003(httpd) groups=1003(httpd)
The problem means that although Resin is running as user httpd and primary group httpd, it still belongs to group root (!). This is dangerous! (!) There may be lots of sensitive files on a server system which may be read or even modified by members of the root group.
I didn't check if this access is actually possible. However I would assume it.
Fixing this bug is STRONGLY recommended for security reasons.
|Steps To Reproduce|
|There are no notes attached to this issue.|
|02-09-09 02:02||tlandmann||New Issue|
|03-18-09 11:07||ferg||Assigned To||=> ferg|
|03-18-09 11:07||ferg||Status||new => closed|
|03-18-09 11:07||ferg||Resolution||open => fixed|
|03-18-09 11:07||ferg||Fixed in Version||=> 4.0.0|
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
27 total queries executed.|
25 unique queries executed.