Red Hat Bugzilla – Bug 114828
Files in /usr/share/java/webapps and /var/lib/ccm/ should owned by root instead of servlet
Last modified: 2007-04-18 13:02:28 EDT
Description of problem: The installed template webapps from the RPM in /usr/share/java/webapps are all owned and writable by the 'servlet' user & group. simiilarly the files in /var/lib/ccm are owned and writable by the 'servlet' user . All of these files should be owned by root to protect against exploits in the servlet container, and bugs in our code which could otherwise let remote users overwrite these files. This is critically important since an exploit of this kind would allow execution of arbitrary java code via a JSP. In general, nothing except the 'work' directory should be owned / writable by 'servlet'. We may have, however, have complications with the 'themes' application, so possibly need a temporary hack to application.xml to let an app specify that its webapp (or perhaps a directory therein) is indeed owned & writable by 'servlet'. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Can you be more specific on the requirements of the themes webapp? As far as I know, p2fs is currently the only piece of code (except for themes) that writes to the webapp root. The directory that it writes to - $CCM_HOME/webapps/ROOT/packages/content-section/templates - is chown'd to servlet.servlet by "ccm hostinit". We could do something similar for the themes app.
@40037 & @40036 for the default case. Still need to deal with Themes app
Randy, can you provide a list of directories to which the themes applications writes on disk?
The themes app does two things. 1. it writes to $CCM_HOME/webapps/ccm-ldn-theme/__ccm__/themes-dev/ and that directory will need to also have permissions so that users can FTP or SCP to there. That permisssion can be manually set by the sysadmin but the directory should not be owned by root. 2. it writes to $CCM_HOME/webapps/ccm-ldn-theme/__ccm__/themes-prod which is created by the server at runtime and it not part of the initial install. So you may want to look at it as it actually needs to be able to create a directory under $CCM_HOME/webapps/ccm-ldn-theme/__ccm__/ unless you want to alter the themes app to ship with the empty directory or with a dummy file in the directory. And, when I use $CCM_HOME above, that is what is used in my current dev environment (/var/ccm-devel/web/randyg/aplaws). But, it should really just be the location where the webapps are deployed.
@41134 I modifed the hostinit command to also change the owner of the two themes directories Randy listed to the servlet user. Longer term, we may want a more flexible solution, but this should work for now.
I have tested this out and after manually creating the themes-prod and themes-dev directory and then running "ccm hostinit" the directories were given the correct permissions. With change 41509 I have added some placeholders so that the directories are automatically created so that the "ccm hostinit" will actually have a directory to change. So, after that change, I think that the solution works for the themes application.