Opened 3 years ago
Closed 2 years ago
#1770 closed defect (fixed)
i2p running as root privilege linux
| Reported by: | anonymous maybe | Owned by: | kytv |
|---|---|---|---|
| Priority: | major | Milestone: | 0.9.29 |
| Component: | installer | Version: | 0.9.24 |
| Keywords: | Cc: | ||
| Parent Tickets: |
Description (last modified by anonymous maybe)
if someone installed i2p inside linux , and if linux running under root privilege only then this command wont start:-
i2prouter start
which is good.
but the problem is , u can start i2p without the need to do any configurations or so with this command:-
i2prouter restart
also this command is working under root privilege without any modifications to anything:-
i2prouter stop
so i think someone should review the user and root privilege for these commands.
logs:-
I2P version: 0.9.24-0-1~deb8u+1 Java version: Oracle Corporation 1.7.0_95 (OpenJDK Runtime Environment 1.7.0_95-b00) Wrapper version: 3.5.25 Server version: 8.1.17.v20150415 Servlet version: Jasper JSP 2.1 Engine Platform: Linux amd64 4.1.13-8.pvops.qubes.x86_64 Processor: Haswell (22nm) (corei) Jbigi: Locally optimized native BigInteger library loaded from file Encoding: UTF-8 Charset: UTF-8
Subtickets
Attachments (1)
Change History (9)
Changed 3 years ago by anonymous maybe
comment:1 Changed 3 years ago by anonymous maybe
- Priority changed from minor to major
comment:2 Changed 3 years ago by anonymous maybe
- Summary changed from i2p running root privilege linux to i2p running as root privilege linux
comment:3 Changed 3 years ago by zzz
- Component changed from unspecified to installer
comment:4 Changed 3 years ago by zzz
- Owner set to kytv
- Status changed from new to assigned
comment:5 follow-up: ↓ 6 Changed 3 years ago by zzz
- Status changed from assigned to infoneeded
comment:6 in reply to: ↑ 5 Changed 2 years ago by anonymous maybe
- Status changed from infoneeded to open
Replying to zzz:
Please be specific.
You are proposing that we add the root check to the restart and stop commands? What about condrestart and graceful?
yes , these commands shouldnt run by root privileges because if so , then i2p after restarting going to run under root privileges.
I also don't see why we should check for stop. Restart may also be a problem when controlled by systemd? Not sure.
i dunno if its going to be problematic or not
Also, please justify why you have classified this as 'major'. What's the big problem? The check is only to catch potential problems. We can't prevent root from doing anything foolish.
so i2p going to run under root privileges and by that the user going to be under critical situation which he can be deanonymized or even more (stealing the entire server , all personal data ...etc because the hacker or any malicious just need to walk through not more , though and i think you know that there is different with security under user and root privileges)
comment:7 Changed 2 years ago by anonymous maybe
- Description modified (diff)
comment:8 Changed 2 years ago by zzz
- Milestone changed from undecided to 0.9.29
- Resolution set to fixed
- Status changed from open to closed
checkifstartingasroot added to restart and condrestart commands in 19c2e60e5c341b50ef63858d7f6fead7753c2768 to be 0.9.28-4 for new installs and packages only. We don't include this file for in-net updates.
Please be specific.
You are proposing that we add the root check to the restart and stop commands? What about condrestart and graceful?
I also don't see why we should check for stop. Restart may also be a problem when controlled by systemd? Not sure.
Also, please justify why you have classified this as 'major'. What's the big problem? The check is only to catch potential problems. We can't prevent root from doing anything foolish.