[ https://issues.apache.org/jira/browse/STORM-2348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15855789#comment-15855789 ]

Tibor Kiss commented on STORM-2348:
-----------------------------------

If the "Bypass file read permission checks and directory read and execute 
permission checks" capability is enabled then the test succeeds:
{code}
tiborkiss@eiger ~/d/w/storm ❯❯❯ sudo setcap cap_setuid,cap_read+ep /home/tiborkiss/devel/workspace/storm/storm-core/target/native/worker-launcher/worker-launcher
tiborkiss@eiger ~/d/w/storm ❯❯❯ sudo setcap cap_setuid,cap_dac_read_search=+ep /home/tiborkiss/devel/workspace/storm/storm-core/target/native/worker-launcher/worker-launcher
tiborkiss@eiger ~/d/w/storm ❯❯❯ /home/tiborkiss/devel/workspace/storm/storm-core/target/native/worker-launcher/worker-launcher --checksetup
tiborkiss@eiger ~/d/w/storm ❯❯❯ echo $?
0
{code}

> setuid(0) & setgid call results are not checked in worker-launcher
> ------------------------------------------------------------------
>
>                 Key: STORM-2348
>                 URL: https://issues.apache.org/jira/browse/STORM-2348
>             Project: Apache Storm
>          Issue Type: Improvement
>          Components: storm-core
>            Reporter: Tibor Kiss
>            Assignee: Tibor Kiss
>
> worker-launcher elevates its privileges using {{setuid(0)}} and 
> {{setgid(group_info->gr_gid)}} calls:
> https://github.com/apache/storm/blob/master/storm-core/src/native/worker-launcher/impl/main.c#L116-L119
> The current implementation does not validate the return value of those calls, 
> rather it checks the privileges (setuid + root ownership) of the binary 
> through {{check_executor_binary()}}.
> This approach works correctly, but it could be improved: 
> If we'd check the return values of setuid(0) & setgid() and drop the binary 
> check it would be possible to gain elevated privileges using CAP_SETUID & 
> CAP_SETGID. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
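
The return-value checks proposed in the issue description, as an added example (not code from worker-launcher or the Storm project). The helper name `become_root_with_group` and the use of the caller's own gid in `main` are assumptions for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: elevate to uid 0 and the given group, checking each
 * call instead of inspecting the binary's setuid bit and ownership.
 * Returns 0 on success, -1 if a call fails or the ids are not as requested. */
int become_root_with_group(gid_t gid)
{
    if (setuid(0) != 0) {
        fprintf(stderr, "setuid(0) failed: %s\n", strerror(errno));
        return -1;
    }
    if (setgid(gid) != 0) {
        fprintf(stderr, "setgid(%ld) failed: %s\n", (long)gid, strerror(errno));
        return -1;
    }
    /* Confirm the resulting ids rather than trusting the return codes alone. */
    if (getuid() != 0 || geteuid() != 0 || getgid() != gid || getegid() != gid) {
        fprintf(stderr, "ids not as expected after setuid/setgid\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: the caller's own gid stands in for group_info->gr_gid. */
    if (become_root_with_group(getgid()) != 0) {
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```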
