Opened 4 years ago

Closed 3 years ago

#1770 closed defect (fixed)

i2p running as root privilege linux

Reported by: anonymous maybe Owned by: killyourtv's backup acct
Priority: major Milestone: 0.9.29
Component: installer Version: 0.9.24
Keywords: Cc:
Parent Tickets: Sensitive: no

Description (last modified by anonymous maybe)

if someone installed i2p inside linux , and if linux running under root privilege only then this command wont start:-

i2prouter start

which is good.

but the problem is , u can start i2p without the need to do any configurations or so with this command:-

 i2prouter restart

also this command is working under root privilege without any modifications to anything:-

i2prouter stop

so i think someone should review the user and root privilege for these commands.

logs:-

I2P version: 0.9.24-0-1~deb8u+1
Java version: Oracle Corporation 1.7.0_95 (OpenJDK Runtime Environment 1.7.0_95-b00)
Wrapper version: 3.5.25
Server version: 8.1.17.v20150415
Servlet version: Jasper JSP 2.1 Engine
Platform: Linux amd64 4.1.13-8.pvops.qubes.x86_64
Processor: Haswell (22nm) (corei)
Jbigi: Locally optimized native BigInteger library loaded from file
Encoding: UTF-8
Charset: UTF-8

Subtickets

Attachments (1)

i2proot.png (60.0 KB) - added by anonymous maybe 4 years ago.

Download all attachments as: .zip

Change History (9)

Changed 4 years ago by anonymous maybe

Attachment: i2proot.png added

comment:1 Changed 4 years ago by anonymous maybe

Priority: minormajor

comment:2 Changed 4 years ago by anonymous maybe

Summary: i2p running root privilege linuxi2p running as root privilege linux

comment:3 Changed 4 years ago by zzz

Component: unspecifiedinstaller

comment:4 Changed 4 years ago by zzz

Owner: set to killyourtv's backup acct
Status: newassigned

comment:5 Changed 3 years ago by zzz

Status: assignedinfoneeded

Please be specific.

You are proposing that we add the root check to the restart and stop commands? What about condrestart and graceful?

I also don't see why we should check for stop. Restart may also be a problem when controlled by systemd? Not sure.

Also, please justify why you have classified this as 'major'. What's the big problem? The check is only to catch potential problems. We can't prevent root from doing anything foolish.

comment:6 in reply to:  5 Changed 3 years ago by anonymous maybe

Status: infoneededopen

Replying to zzz:

Please be specific.

You are proposing that we add the root check to the restart and stop commands? What about condrestart and graceful?


yes , these commands shouldnt run by root privileges because if so , then i2p after restarting going to run under root privileges.


I also don't see why we should check for stop. Restart may also be a problem when controlled by systemd? Not sure.

i dunno if its going to be problematic or not

Also, please justify why you have classified this as 'major'. What's the big problem? The check is only to catch potential problems. We can't prevent root from doing anything foolish.


so i2p going to run under root privileges and by that the user going to be under critical situation which he can be deanonymized or even more (stealing the entire server , all personal data …etc because the hacker or any malicious just need to walk through not more , though and i think you know that there is different with security under user and root privileges)

Last edited 3 years ago by anonymous maybe (previous) (diff)

comment:7 Changed 3 years ago by anonymous maybe

Description: modified (diff)

comment:8 Changed 3 years ago by zzz

Milestone: undecided0.9.29
Resolution: fixed
Status: openclosed

checkifstartingasroot added to restart and condrestart commands in 19c2e60e5c341b50ef63858d7f6fead7753c2768 to be 0.9.28-4 for new installs and packages only. We don't include this file for in-net updates.

Note: See TracTickets for help on using tickets.