Tibor Kiss created STORM-2348:
---------------------------------
Summary: setuid(0) & setgid call results are not checked in
worker-launcher
Key: STORM-2348
URL: https://issues.apache.org/jira/browse/STORM-2348
Project: Apache Storm
Issue Type: Improvement
Components: storm-core
Reporter: Tibor Kiss
Assignee: Tibor Kiss
worker-launcher elevates it's privileges using {{setuid(0)}} and
{{setgid(group_info->gr_gid)}} calls:
https://github.com/apache/storm/blob/master/storm-core/src/native/worker-launcher/impl/main.c#L116-L119
The current implementation does not validate the return value of those calls,
rather it checks' the privileges (setuid + root ownership) of the binary
through {{check_executor_binary()}}
This approach works correctly, but it could be improved:
If we'd check the return values of setuid(0) & setgid() and drop the binary
check it would be possible to gain elevated privileges using CAP_SETUID &
CAP_SETGID.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
