On 7/4/24 2:46 PM, Bryan Buchanan wrote:
I'm running Tomcat 9.0.14 on CentOS 8 with JDK 15.

Tomcat is loaded in /opt/tomcat, the directory owned by "joe". If I log in as "joe" and start Tomcat, everything is fine.

We have people log in to the CentOS system to run the business application as "mary", "jane", "fred" etc. Sometimes they want to shut down Tomcat, for example if they wish to load a price update to the DBMS or whatever. To enable them to do this from within the business application, I wrote a setuid() C program which sets the effective user as "joe" and executes /opt/tomcat/bin/shutdown.sh or /opt/tomcat/bin/startup.sh. This does start up Tomcat, but 10 minutes later it dies. Nothing is logged that is unusual. These are the last few lines when it dies:

04-Jul-2024 21:45:01.154 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [54,789] milliseconds
04-Jul-2024 21:54:10.149 INFO [Thread-3] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]
04-Jul-2024 21:54:10.157 INFO [Thread-3] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
04-Jul-2024 21:54:10.194 WARNING [Thread-3] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesJdbc The web application [TPDRESTServer] registered the JDBC driver [org.postgresql.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
04-Jul-2024 21:54:10.196 WARNING [Thread-3] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [TPDRESTServer] appears to have started a thread named [Tomcat JDBC Pool Cleaner[862048902:1720093501299]] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 java.base@15/java.lang.Object.wait(Native Method)
 java.base@15/java.util.TimerThread.mainLoop(Timer.java:553)
 java.base@15/java.util.TimerThread.run(Timer.java:506)
04-Jul-2024 21:54:10.231 INFO [Thread-3] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8080"]
04-Jul-2024 21:54:10.243 INFO [Thread-3] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8080"]

My C program is:
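
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    int main (int argc, char *argv[]) {
        if (argc != 2) {
            printf("%s", "Syntax: ManageTomcat START|STOP");
            return(0);
        }
        printf("%s\n", argv[0]);
        printf("%s\n", argv[1]);
        /* switch to uid 1000 */
        setuid(1000);
        /* strcmp() is non-zero when argv[1] is not "STOP", so any other argument starts Tomcat */
        if(strcmp(argv[1], "STOP")) {
            system("/opt/apache-tomcat-9.0.14/bin/startup.sh");
        } else {
            system("/opt/apache-tomcat-9.0.14/bin/shutdown.sh");
        }
        return(1);
    }
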
Any ideas would be appreciated.

Bryan

I think you should check the return value of setuid.
I don't think you can change the uid of a process that easily.
Otherwise you could also write setuid(0), become root and that would look to me
as a huge security hole.
Regards, ~Z
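
Added example, not part of the thread and not either poster's code: a C version of the wrapper with the check suggested in the reply. It sets both real and effective uid with setreuid() and verifies the result, accepts only START or STOP, and runs the script with execve() instead of system(). Assumptions: the binary is owned by the Tomcat account and carries the setuid bit; the names script_for and become and the PATH value are made up for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Script paths as given in the original post. */
#define STARTUP  "/opt/apache-tomcat-9.0.14/bin/startup.sh"
#define SHUTDOWN "/opt/apache-tomcat-9.0.14/bin/shutdown.sh"

/* Map the argument to a script; anything but START or STOP is rejected. */
const char *script_for(const char *arg) {
    if (arg == NULL) return NULL;
    if (strcmp(arg, "START") == 0) return STARTUP;
    if (strcmp(arg, "STOP") == 0) return SHUTDOWN;
    return NULL;
}

/* Set real and effective uid to `uid`, then verify. Returns 0 or -1. */
int become(uid_t uid) {
    if (setreuid(uid, uid) != 0) {
        perror("setreuid");
        return -1;
    }
    if (getuid() != uid || geteuid() != uid) {
        fprintf(stderr, "uid change did not take effect\n");
        return -1;
    }
    return 0;
}

int main(int argc, char *argv[]) {
    const char *script = script_for(argc == 2 ? argv[1] : NULL);
    if (script == NULL) {
        fprintf(stderr, "Syntax: ManageTomcat START|STOP\n");
        return 2;
    }
    /* Assumption: the file is owned by the Tomcat account and has the
       setuid bit, so geteuid() is already that account's uid. */
    if (become(geteuid()) != 0)
        return 1;
    /* Constructed minimal environment; the caller's is not passed on. */
    char *const env[] = { "PATH=/usr/bin:/bin", NULL };
    char *const args[] = { (char *)script, NULL };
    execve(script, args, env);
    perror("execve");   /* only reached if execve() failed */
    return 1;
}
```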