Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 162918

Summary: dev-java/commons-daemon - two jsvc bugs
Product: Gentoo Linux Reporter: Simone Piunno <pioppo>
Component: Current packagesAssignee: Java team <java>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Simone Piunno 2007-01-20 12:54:54 UTC 
jsvc has two bugs on linux:
 - fails when called a relative path (does execve on argv[0])
 - fails to set capabilities when called as non-root.
Please take a look at
 https://issues.apache.org/jira/browse/DAEMON-92
 https://issues.apache.org/jira/browse/DAEMON-24
and add those two pathes to gentoo ebuild while we wait for upstream

Reproducible: Always

Steps to Reproduce:
1.run jsvc as non root
2.
3.




Portage 2.1.2 (default-linux/amd64/2006.0, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r4 x86_64)
=================================================================
System uname: 2.6.19-gentoo-r4 x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.12.9
Timestamp of tree: Wed, 17 Jan 2007 15:30:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [disabled]
dev-java/java-config: 1.3.7, 2.0.31-r3
dev-lang/python:     2.4.4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.19.2-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=k8 -funit-at-a-time -frename-registers -fweb"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=k8 -funit-at-a-time -frename-registers -fweb"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig candy distlocks fixpackages metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://www.die.unipd.it/pub/Linux/distributions/gentoo-sources/ http://mirror.bih.net.ba/gentoo/ ftp://mirror.bih.net.ba/gentoo/"
LANG="it_IT.UTF-8"
LC_ALL="it_IT.UTF-8"
LINGUAS="en it"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnowex X a52 aalib acl acpi adns alsa amd64 apache2 app-cdr/k3b:css app-crypt/gnupg:idea app-crypt/gpgme:smime app-office/openoffice:branding arts artswrappersuid audiofile avi bash-completion berkdb bidi bigger-fonts bitmap-fonts bluetooth bootsplash cairo caps cdda cddb cdio cdparanoia cdr cli cluster cracklib crypt cups curl dba dbus dev-dotnet/mono:nptl dev-util/eric:idl divx4linux dlloader dri dts dv dvd dvdr dvdread eds emboss encode evo exif faad fam fbcon ffmpeg firefox foomaticdb fpx freetype ftp gcj gd gdbm gdm gif gimpprint gnome gnome-base/gnome-session:branding gnome-extra/evolution-data-server:keyring gnutls gpm graphviz gstreamer gtk gtk2 hal httpd iconv icq imap imlib innodb ipv6 isdnlog ithreads jabber jack java jbig jpeg jpeg2k kde kde-base/kdeadmin:foreign-package kde-base/kdeadmin:foreign-sysvinit kde-base/kdemultimedia:cdparanoia kdeenablefinal kdehiddenvisibility ladcca lcms ldap libcaca libnotify live lm_sensors logitech-mouse lzo lzw lzw-tiff maildir makecheck media-gfx/sane-frontends:gimp media-sound/museseq:fluidsynth mmx2 mono mozilla mozsvg mp3 mpeg mplayer mysql ncurses net-misc/openssh:X509 net-misc/openssh:chroot net-misc/openssh:sftplogging net-misc/openssh:skey net-wireless/bluez-utils:udev net-www/apache:threads net-www/mozilla-firefox:xprint net-www/mozilla:mozp3p net-www/mozilla:mozsvg network nls nptl nptlonly nsl nvidia ogg oggvorbis openexr opengl oss pam pcre pdf pdflib perl png postgres pppd python qt3 qt4 quicktime rdesktop readline reflection rrdtool rtc samba sasl scanner sdl session slang slp speex spell spl ssl stream svg sys-devel/libperl:threads tcpd tetex tga theora threads tiff truetype truetype-fonts type1-fonts unicode usb utf8 vcd vim-syntax vim-with-x vorbis wmf xcomposite xine xml xml2 xorg xpm xprint xscreensaver xv xvid xvmc zeo zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en it" USERLAND="GNU" VIDEO_CARDS="nv"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Petteri Räty (RETIRED) gentoo-dev 2007-01-24 21:42:19 UTC 
(In reply to comment #0)
>  https://issues.apache.org/jira/browse/DAEMON-24

From http://jakarta.apache.org/commons/daemon/jsvc.html

"Jsvc is a daemon process so it should be started as root and the -user parameter allows to downgrade to an unprivilegded user."

So I don't see much point for the second patch as the whole purpose of jsvc is to first run as root to be able to bind to privileged ports etc. Please correct me if I am wrong.
Comment 2 Petteri Räty (RETIRED) gentoo-dev 2007-01-24 21:45:50 UTC 
(In reply to comment #0)

>  https://issues.apache.org/jira/browse/DAEMON-24

Also I don't think your patch will be added any time soon as you attached it to a resolved bug that was about documentation. It would be the same as me attaching a commons-daemon version bump to this bug. You should open a new bug in the upstream bug tracker with your patch attached.
Comment 3 Petteri Räty (RETIRED) gentoo-dev 2007-01-24 21:56:23 UTC 
(In reply to comment #0)
> jsvc has two bugs on linux:
>  - fails when called a relative path (does execve on argv[0])
>  - fails to set capabilities when called as non-root.
> Please take a look at
>  https://issues.apache.org/jira/browse/DAEMON-92

https://issues.apache.org/jira/browse/DAEMON-92#action_12467164
For me execve works just fine with relative paths.
Comment 4 Simone Piunno 2007-01-25 15:47:49 UTC 
I think there is no reason jsvc shoulnd't work as non root and haven't verified but looking at the code I believe on other platforms it does.
Even if the initial intent was to build a tool to be used just as root, I think this could be an easy improvement.
Following your suggestion, I opened a new issue:
https://issues.apache.org/jira/browse/DAEMON-93

With regard to execve you are right execve works for relative paths, my analisys was wrong.  Real cause is execve does not search in $PATH.  My patch is still valid as a fix.
Comment 5 Petteri Räty (RETIRED) gentoo-dev 2007-02-11 17:11:47 UTC 
Patches committed. The execve patch seems to already be a part of trunk. I will likely wait until upstream comments on the uid patch before going stable with a version with these patches. Thanks for reporting.