v.1.5.10 breaks launching the app with init.d launch.script #11951

Closed
SLepUbIn opened this issue Feb 7, 2018 · 2 comments
SLepUbIn commented Feb 7, 2018

Version 1.5.10 of Spring Boot prevents the app from starting as a service when using launch.script because $run_user does not have the permissions to write in log_file at startup.

This has to do with #11397

The removal of
chown "$run_user" "$log_file"

and the fact that the log file is created with root rights in check_permissions()

causes the app to fail to start.

Content below has been redacted to protect sensitive information.

Content of application installation dir:

drwxr--r-- 2 myuser mygroup     4096 Feb  7 11:53 bin
-r-------- 1 myuser mygroup     1220 Feb  7 11:53 myapp.conf
-r-x------ 1 myuser mygroup 47383530 Feb  7 11:53 myapp.jar
-r-------- 1 myuser mygroup     1843 Feb  7 11:53 myapp-local.properties
drwxr-xr-x 3 myuser mygroup     4096 Feb  7 11:54 log

In myapp.conf (extract):

LOG_FOLDER="/home2/xx/prog/myapp-local-gateway/log"
LOG_FILENAME="myapp-stdout-$(date +%F-%H-%M-%S).log"

Example starting application service as root:

/etc/init.d/myapp start
sh: /home2/xx/prog/myapp-local-gateway/log/myapp-stdout-2018-02-07-11-54-03.log: Permission denied

Content of LOG_FOLDER

-rw-r--r-- 1 myuser mygroup 11615384 Feb  7 11:52 myapp.log
-rw-r--r-- 1 root   root          0 Feb  7 11:54 myapp-stdout-2018-02-07-11-54-03.log
-rw-r--r-- 1 myuser mygroup  2870172 Feb  7 11:52 gc_myapp.log.0.current
drwxr-xr-x 2 myuser mygroup     4096 Feb  6 16:22 messages

Please note that myapp-stdout-2018-02-07-11-54-03.log is owned by root and not writable by the application user (myuser).

When LOG_FILENAME does not exist, it is created by root in the launch script (check_permission function):

touch "$log_file" &> /dev/null || { echoRed "Operation not permitted (cannot access log file)"; return 4; }

Since version 1.5.10, the ownership of LOG_FILENAME is not transferred to the application user.

We understand that those measures were required by CVE-2018-1196, but the transfer of ownership should be done when the log file is created by the launch script.
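
The behaviour requested above (hand the log file to the run user only when the script itself has just created it, and never change ownership of a path that already exists), as an added example. This is not Spring Boot's launch.script; `prepare_log_file` and `PREPARE_ACTION` are hypothetical names, and the demo uses a temporary directory and the current uid in place of LOG_FOLDER and run_user.

```shell
#!/bin/sh
# Added example, not the project's launch.script. All names are hypothetical.

# prepare_log_file LOG_FILE RUN_USER
# Creates LOG_FILE if it is missing and gives it to RUN_USER.
# Never changes ownership of a path that already exists.
# Sets PREPARE_ACTION to "created" or "kept"; returns 4 on refusal or failure.
prepare_log_file() {
  log_file=$1
  run_user=$2
  PREPARE_ACTION=

  # The log folder is writable by the run user, so a root-run script must not
  # follow a link found there. Checked first: -e is false for a dangling link.
  if [ -L "$log_file" ]; then
    echo "refusing symlink: $log_file" >&2
    return 4
  fi

  if [ -e "$log_file" ]; then
    # Pre-existing path: use it only if it is a regular file, leave its owner alone.
    [ -f "$log_file" ] || { echo "not a regular file: $log_file" >&2; return 4; }
    PREPARE_ACTION=kept
    return 0
  fi

  # noclobber (set -C) makes the redirection fail if the path appeared after
  # the checks above, instead of writing through whatever is now there.
  if ! ( set -C; : > "$log_file" ) 2>/dev/null; then
    echo "cannot create log file: $log_file" >&2
    return 4
  fi

  # Only a file created just above is handed over; -h never dereferences a link.
  if ! chown -h "$run_user" "$log_file"; then
    rm -f "$log_file"
    return 4
  fi
  PREPARE_ACTION=created
}

# Constructed demo: temp dir stands in for LOG_FOLDER, current uid for run_user.
demo_dir=$(mktemp -d)
prepare_log_file "$demo_dir/myapp-stdout.log" "$(id -u)" && echo "$PREPARE_ACTION"
rm -rf "$demo_dir"
```
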

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 7, 2018
@wilkinsona wilkinsona added type: regression A regression from a previous release priority: high labels Feb 8, 2018
@wilkinsona wilkinsona added this to the 1.5.11 milestone Feb 8, 2018
@wilkinsona wilkinsona removed the status: waiting-for-triage An issue we've not yet triaged label Feb 8, 2018
wilkinsona referenced this issue Feb 8, 2018
Update embedded launch script to no longer change ownership of files
or folders that already exist.

Fixes gh-11397
@wilkinsona wilkinsona self-assigned this Feb 13, 2018
@gauravbrills
Contributor

Do we have a minor release for this fix?

@snicoll
Member

snicoll commented Mar 19, 2018

@gauravbrills the milestone is indicated on this very page (1.5.11), which is not released yet.
