Solaris 9 12/03 Release Notes

Sun ONE Application Server Security Bug

The Application Server Starts All Instances as Root Allowing Nonroot Users Root Access (4780076)

Several issues are associated with Application Server startup when the Sun ONE Application Server is installed as part of a Solaris installation:

During the installation of the Sun ONE Application Server, the /etc/init.d/appserv script is installed, together with the S84appserv and K05appserv symbolic links to it in the /etc/rc*.d/ directories. These scripts cause every application server instance and administrative server instance defined as part of the application server installation to be started and stopped automatically during Solaris system startup and shutdown.

The /etc/init.d/appserv script contains the following section of code:

case "$1" in
    start) /usr/sbin/asadmin start-appserv ;;
    stop)  /usr/sbin/asadmin stop-appserv ;;
esac

Execution of the asadmin start-appserv command causes the administration server instance and all application server instances defined in every administrative domain to be started during Solaris system startup. Because the system startup and shutdown scripts are executed as root, the startup script for each application server and administrative server instance is also executed as root. The instance-level startup script is named startserv and is located at instance-dir/bin/startserv. Because an instance can be owned by a user other than root, that nonroot user can edit the instance's startserv script to include arbitrary commands, which root then executes at the next system startup.

If an instance uses a privileged network port, the instance's startserv script must be executed as root. In that case a run-as user is typically set in the instance's configuration so that the instance switches to that user after root has started it. This setting does not remove the exposure: the startserv script itself still executes as root before the switch to the run-as user takes place.
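The following hardening is an added example and is not part of the release note or of Sun's /etc/init.d/appserv script. It shows the check a site could put in front of the start-up loop: before root executes an instance's bin/startserv, confirm that the script and its bin directory are owned by the expected uid (root, uid 0, by default) and carry no group or world write bit, so an instance owner who is not root cannot plant commands that root runs at boot. The instance layout instance-dir/bin/startserv is taken from the note; the function names safe_to_exec, check_instance and start_instances, and the optional uid argument (used here only so the example can be exercised by a nonroot user), are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Sun's code: refuse to let root execute an instance
# startserv script that a nonroot instance owner could have modified.

# safe_to_exec PATH [UID]: succeed only if PATH exists, is owned by UID
# (default 0, i.e. root) and has no group or world write bit.  Parses
# `ls -ln` rather than stat(1) so it works on Solaris 9 /bin/sh as well
# as on GNU and BSD systems, whose stat(1) options differ.
safe_to_exec() {
    path=$1
    want_uid=${2:-0}
    [ -e "$path" ] || return 1
    set -- $(ls -lnd "$path")
    mode=$1
    uid=$3
    [ "$uid" = "$want_uid" ] || return 1
    # mode string looks like -rwxr-xr-x: char 6 is group w, char 9 is other w
    case "$mode" in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# check_instance INSTANCE_DIR [UID]: both the bin directory and the
# startserv script must pass; a writable directory would let the instance
# owner simply replace the script even if the script itself is root-owned.
check_instance() {
    safe_to_exec "$1/bin" "${2:-0}" && safe_to_exec "$1/bin/startserv" "${2:-0}"
}

# start_instances ROOT [UID]: run every ROOT/*/bin/startserv that passes
# check_instance, log and skip the rest.  The return status is the number
# of instances skipped, so a caller can tell that something was refused.
start_instances() {
    root=$1
    want_uid=${2:-0}
    skipped=0
    for inst in "$root"/*/; do
        inst=${inst%/}
        [ -d "$inst" ] || continue
        if check_instance "$inst" "$want_uid"; then
            "$inst/bin/startserv"
        else
            echo "appserv: refusing to start $inst: bin/startserv is not owned by uid $want_uid or is writable by other users" >&2
            skipped=$((skipped + 1))
        fi
    done
    return $skipped
}
```

In an init script the uid argument would be omitted so that only root-owned, root-writable scripts are executed; an instance that fails the check is reported on stderr and left stopped rather than started as root.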

Workaround: Perform one of the following workarounds, depending on your environment:

Startup Considerations: When modifying the Solaris software startup scripts to automatically start either specific application server administrative domains or specific application server instances, consider the following:

See the Sun ONE Application Server 7 Administrator's Guide for more information on the startup and shutdown commands that are available through the asadmin command-line interface.