Bug 71835 - net-p2p/freenet-0.5.2.1-r8 init.d script broken by sudo patch
Status: RESOLVED DUPLICATE of bug 72996
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo net-p2p team
Reported: 2004-11-20 05:59 UTC by Richard Freeman
Modified: 2007-03-08 23:38 UTC
Description Richard Freeman gentoo-dev 2004-11-20 05:59:59 UTC
The sudo-1.6.7_p5-r2 security update apparently prevents the passing of environment variables, which breaks the init.d script installed by freenet which uses sudo to change uid.

As a result, the java classpath is not set when freenet is run, and java can't find the class.

I'm not intimately familiar with the world of su/sudo security issues, but the following change does fix the problem:

change from:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh \

to:
nice -n ${FREENET_NICENESS} su freenet /usr/bin/start-freenet.sh \

su apparently passes environment just fine...

Reproducible: Always
Gentoo Base System version 1.4.16
Portage 2.0.51-r3 (default-linux/x86/2004.3, gcc-3.3.4, glibc-2.3.4.20040808-r1,
2.6.9-gentoo-r1-rf17 i686)
=================================================================
System uname: 2.6.9-gentoo-r1-rf17 i686 AMD Athlon(tm) 64 Processor 3000+
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.14.90.0.8-r1
Headers:  sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -msse2 -msse -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config
/usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -msse2 -msse -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://mirrors.tds.net/gentoo http://gentoo.mirrors.pair.com/
http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acpi acpi4linux alsa apache2 apm arts avi berkdb bitmap-fonts bonobo cdr
crypt cups dvd encode esd ethereal evo f77 fam fbcon flac foomaticdb fortran gd
gdbm gif gimpprint glut gnome gpm gtk gtk2 gtkhtml imagemagick imap imlib innodb
java jpeg junit kde libg++ libwww mad maildir mikmod motif mpeg multilib mysql
ncurses nls oggvorbis opengl oss pam pda pdflib perl php png python qt quicktime
readline samba sasl sdl slang spell ssl svga tcltk tcpd tetex tiff truetype wmf
x86 xml xml2 xmms xv zlib"
Comment 1 Christopher Byrne 2004-11-22 22:36:18 UTC
Here are the offending lines in /etc/sudoers that are causing the problem:

# Reset environment by default
Defaults        env_reset
# Uncomment to allow people in group wheel to export variables
#Defaults:%wheel !env_reset

# Allow people in group users to export specific variables
# Defaults:%users       env_keep=TZ

Uncommenting this line:

Defaults:%wheel !env_reset

fixes the problem. (Commenting out the "Defaults env_reset" line works too, but is less safe.)
Comment 2 zhcnmccmzhdvfevooo 2004-12-14 01:28:13 UTC
I can confirm this problem, and also the fix provided by Salah Coronya. ;)
Comment 3 Eduardo García-Médico Portabella 2005-04-22 10:24:45 UTC
I've solved this problem by changing /etc/init.d/freenet line 67 from:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh > /var/freenet/freenet.pid
to:
nice -n ${FREENET_NICENESS} sudo -u freenet /usr/bin/start-freenet.sh "$JAVA" "$JAVA_ARGS" "$CLASSPATH" > /var/freenet/freenet.pid
and then leaving /usr/bin/start-freenet.sh as this:
-------------- start ----------------
#!/bin/bash
# This script is a companion script to the Gentoo freenet init script.
# Logs freenet's stdout and stderr for debugging needs.
#
# Author: Brandon Low <lostlogic@gentoo.org>
#
JAVA="$1"
JAVA_ARGS="$2"
export CLASSPATH="$3"
${JAVA} ${JAVA_ARGS} freenet.node.Main -p /etc/freenet.conf \
        > /var/freenet/freenet.stdout.log 2> /var/freenet/freenet.stderr.log &
echo $!
--------------------- end ---------------------

It works right for me. Take it as a temporary fix, but it may work right in the future if the freenet startup scripts do not change.

Woodyst.
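
As an added illustration of the behaviour discussed in Comments 1 and 3 (not part of the original thread and not code from the freenet ebuild): `env -i` stands in for sudo's `env_reset`, and the child command and classpath value are constructed placeholders. It shows CLASSPATH arriving when the environment is inherited, vanishing when it is reset, and surviving when it is allow-listed or passed as an argument.

```shell
#!/bin/sh
# Added example. Assumption: `env -i` is used as a stand-in for sudo's
# env_reset so that the sketch runs without sudo or a freenet account.

# Stand-in for start-freenet.sh: report the CLASSPATH the child really sees.
child='printf "%s" "${CLASSPATH:-<unset>}"'

# Constructed sample value, not the real freenet classpath.
SAMPLE_CP="/opt/example/lib/freenet.jar:/opt/example/lib/freenet-ext.jar"

# Environment inherited unchanged (what `su freenet ...` or `!env_reset` gives).
run_inherited() {
    CLASSPATH="$SAMPLE_CP" sh -c "$child"
}

# Environment scrubbed before the child starts (what `Defaults env_reset` gives):
# the caller exported CLASSPATH, but the child never receives it.
run_scrubbed() {
    CLASSPATH="$SAMPLE_CP" env -i PATH="$PATH" sh -c "$child"
}

# Scrubbed environment plus an explicit allow-list of one variable
# (the idea behind env_keep in the sudoers excerpt of Comment 1).
run_allowlisted() {
    env -i PATH="$PATH" CLASSPATH="$SAMPLE_CP" sh -c "$child"
}

# Comment 3's approach: hand the value over as a positional argument and
# re-export it inside the child, so nothing depends on the inherited environment.
run_with_args() {
    env -i PATH="$PATH" \
        sh -c 'CLASSPATH="$1"; export CLASSPATH; '"$child" start-freenet "$SAMPLE_CP"
}

# Show all four cases side by side.
for f in run_inherited run_scrubbed run_allowlisted run_with_args; do
    printf '%-16s %s\n' "$f" "$($f)"
done
```

The allow-list and argument variants keep the reset in place and expose only the value the service needs, whereas turning the reset off passes every caller-controlled variable through.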
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2007-03-08 23:38:36 UTC
Blah; dead.

*** This bug has been marked as a duplicate of bug 72996 ***