Ticket #546 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

startstop for unix, reconfigure doesn't set uid's properly

Reported by: paulf Owned by: paulf
Priority: critical Milestone: Unix Platforms
Component: startstop Version: 7.9
Keywords: Cc:

Description

Pete Lombard wrote to ewdev:

We in NC have run into a problem with startstop and reconfigure on Linux. This is roughly from version 7.7 (source code is dated 22 Jan 2014, checked out from SVN; not from a specific EW distribution.)

The startstop executeable is set_uid root, so that some children can be started with TS scheduling priority. Initially after running startstop, all its children are running as "ncss" processes, which is the owner if startstop (no Agent commands in startstop_unix.d).

The we add a new child (Process and Class/Priority? commands) to startstop_unix.d and run "reconfigure". startstop starts a new process, in this case wave_serverV, and it is running as a root proecess, with all its tank and log files owned by root! This is not what we want.

It appears to me that when startstop is responding to a reconfigure request, it fails to call ConstructIds?() to set use_uid and use_gid of the new CHILD structure being used for the new child. Instead, the values of these CHILD members are probably still zero as a result of the call to calloc() that first allocated the CHILD structures. Note that ConstructIds?() is only called within StartEarthworm?() in startstop_unix_generic.c.

When startstop is run without root privilege, I suspect that when it responds to a reconfigure request, StartChild?() is trying to make the child run as use_uid 0 and use_gid 0. But the calls to setuid and setgid fail, returning an error with is being ignored by the code.

Can someone verify that my diagnosis is correct, and come up with a fix?

Change History

comment:1 Changed 3 years ago by paulf

  • Status changed from new to closed
  • Resolution set to fixed

Fixed and tested in startstop on Unix with version number 7.9b 2016-05-13

Note: See TracTickets for help on using tickets.