Bug#: 71835
Status: RESOLVED
Resolution: DUPLICATE of bug 72996
Assigned To: Gentoo net-p2p team <net-p2p@gentoo.org>
Reporter: Richard Freeman <rich0@gentoo.org>


Description:   Opened: 2004-11-20 05:59 0000
The sudo-1.6.7_p5-r2 security update apparently prevents the passing of
environment variables, which breaks the init.d script installed by freenet
which uses sudo to change uid.

As a result, the java classpath is not set when freenet is run, and java can't
find the class.

I'm not intimately familiar with the world of su/sudo security issues, but the
following change does fix the problem:

change from:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh \

to:
nice -n ${FREENET_NICENESS} su freenet /usr/bin/start-freenet.sh \

su apparently passes environment just fine...

Reproducible: Always

Gentoo Base System version 1.4.16
Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.9-gentoo-r1-rf17 i686)
=================================================================
System uname: 2.6.9-gentoo-r1-rf17 i686 AMD Athlon(tm) 64 Processor 3000+
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.14.90.0.8-r1
Headers:  sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -msse2 -msse -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config
/usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -msse2 -msse -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://mirrors.tds.net/gentoo http://gentoo.mirrors.pair.com/
http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acpi acpi4linux alsa apache2 apm arts avi berkdb bitmap-fonts bonobo cdr crypt cups dvd encode esd ethereal evo f77 fam fbcon flac foomaticdb fortran gd gdbm gif gimpprint glut gnome gpm gtk gtk2 gtkhtml imagemagick imap imlib innodb java jpeg junit kde libg++ libwww mad maildir mikmod motif mpeg multilib mysql ncurses nls oggvorbis opengl oss pam pda pdflib perl php png python qt quicktime readline samba sasl sdl slang spell ssl svga tcltk tcpd tetex tiff truetype wmf x86 xml xml2 xmms xv zlib"

------- Comment #1 From Salah Coronya 2004-11-22 22:36:18 0000 -------
Here are the offending lines in /etc/sudoers that are causing the problem:

# Reset environment by default
Defaults        env_reset
# Uncomment to allow people in group wheel to export variables
#Defaults:%wheel !env_reset

# Allow people in group users to export specific variables
# Defaults:%users       env_keep=TZ

Uncommenting this line:

Defaults:%wheel !env_reset

fixes the problem. (Commenting out the "Defaults env_reset" line works too, but is less safe.)

------- Comment #2 From Alexander Schneider 2004-12-14 01:28:13 0000 -------
I can confirm this problem, and also the fix provided by Salah Coronya. ;)

------- Comment #3 From Eduardo García-Médico Portabella 2005-04-22 10:24:45 0000 -------
I've solved this problem by changing /etc/init.d/freenet line 67 from:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh > /var/freenet/freenet.pid
to:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh "$JAVA" "$JAVA_ARGS" "$CLASSPATH" > /var/freenet/freenet.pid
and then leaving /usr/bin/start-freenet.sh like this:
-------------- start ----------------
#!/bin/bash
# This script is a companion script to the Gentoo freenet init script.
# Logs freenet's stdout and stderr for debugging needs.
#
# Author: Brandon Low <lostlogic@gentoo.org>
#
JAVA="$1"
JAVA_ARGS="$2"
export CLASSPATH="$3"
${JAVA} ${JAVA_ARGS} freenet.node.Main -p /etc/freenet.conf \
        > /var/freenet/freenet.stdout.log 2> /var/freenet/freenet.stderr.log &
echo $!
--------------------- end ---------------------

It works right for me. Take it as a temporary fix, but it may work right in the future if the freenet startup scripts do not change.

Woodyst.
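
The behaviour discussed in comments #1 and #3, as an added example that is not part of the original bug report or the freenet ebuild: a scrubbed environment loses CLASSPATH, while an allowlist (the idea behind `env_keep`) or comment #3's argument passing restores only that one value. `env -i` is an assumed stand-in for sudo's `env_reset`, and the function names, `CHILD` and the sample CLASSPATH are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. `env -i` stands in for sudo's
# env_reset; the real sudo keeps a small built-in set of variables.

# Constructed sample value; the space checks that quoting survives.
CLASSPATH="/opt/example/freenet.jar:/opt/example/lib dir/freenet-ext.jar"
export CLASSPATH

# Stand-in for start-freenet.sh: print the CLASSPATH the child process sees.
CHILD='printf %s "${CLASSPATH-<unset>}"'

# Run "$@" in an emptied environment, keeping only the names listed in $1
# (the idea behind env_keep). Names that are unset or malformed are skipped.
run_with_keep() {
    keep=$1; shift
    for name in $keep; do
        case $name in ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac
        eval "isset=\${$name+x}; val=\${$name-}"
        if [ "$isset" = x ]; then set -- "$name=$val" "$@"; fi
    done
    env -i PATH="$PATH" "$@"
}

# Comment #3's approach: nothing is kept, the value travels as an argument
# and the child exports it itself.
run_with_arg() {
    run_with_keep "" sh -c 'CLASSPATH=$1; export CLASSPATH; '"$CHILD" \
        start-freenet "$CLASSPATH"
}

echo "scrubbed:    $(run_with_keep "" sh -c "$CHILD")"
echo "allowlisted: $(run_with_keep "CLASSPATH" sh -c "$CHILD")"
echo "as argument: $(run_with_arg)"
```

Both working variants expose a single named value to the child, which is narrower than turning `env_reset` off for a whole group.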

------- Comment #4 From Jakub Moc (RETIRED) 2007-03-08 23:38:36 0000 -------
Blah; dead.

*** This bug has been marked as a duplicate of bug 72996 ***
