Re: Running Java across a privilege boundry

[Tim Brown <tmb () 65535 com>]

On Saturday 22 November 2014 19:36:58 Russ Allbery wrote:
> Marc Chadwick <marc () chadwick net> writes:
> > I thought tomcat 6 used authbind in its init script, but I could be
> > wrong.  If that's the case, authbind is written in C, so I'm not sure
> > that's what Tim has in mind. Similarly, jsvc is written in C. Maybe the
> > tabuki wrapper service?
>
> Ah, I see what you're getting at.  I don't think I've ever used authbind
> with Tomcat (no need -- I never use privileged ports with it), but (since
> I use Debian) it gets spawned through start-stop-daemon, which is also
> written in C.  You're saying that the running of the Java program has to
> be done *directly* by sudo for some reason?
>
> The initial question was a little obscure to me.  I'm not sure what
> security problem the original poster is worried about.  Starting Tomcat
> via sudo with that init script is indeed crossing a privilege boundary to
> run a Java program, but there are several layers of indirection there.
>
> Anyway, I have certainly worked with systems with command-line utilities
> written directly in Java that are run via sudo or other similar tools.
> The one that comes to mind (Zimbra) isn't open source, but I'm sure there
> are plenty of others.

Trying to work out if a "potential" security flaw in Java has a real world 
misuse case that can be exploited. I think the answer is "yes" but thought I'd 
ask the question before I took it any further.

I've sent a follow up to distros, which I hope Alexander will approve, to 
allow the discussion to continue.

Tim
-- 
Tim Brown
<mailto:tmb () 65535 com>

Attachment: signature.asc
Description: This is a digitally signed message part.