Bug 44225 - SSL connector tries to load the private keystore file after privileges have already been dropped by JSVC
Status: NEW
Product: Tomcat 6
Classification: Unclassified
Component: Connectors
Version: 6.0.14
Hardware: Other other
Importance: P2 enhancement
Target Milestone: default
Assigned To: Tomcat Developers Mailing List
Reported: 2008-01-14 04:53 UTC by Ivan Todoroski
Modified: 2008-05-11 06:20 UTC

Description Ivan Todoroski 2008-01-14 04:53:06 UTC
The keystore file containing the private server key should be kept in a secure 
location readable only by root. But if you run Tomcat under a less privileged 
user, this prevents you from using this key for the Tomcat SSL Connector.

You are left with two choices: either make the keystore readable to the Tomcat
user, or run Tomcat permanently as root, neither of which is appealing from
a security point of view.

Now, Tomcat supports Commons Daemon (JSVC), which allows it to be started on 
privileged ports (such as 80 or 443) while not having to run as root all the 
time. It does it by splitting initialization into "load" and "start" phases, 
where the "load" phase runs as root in order to acquire the privileged 
resources, while the "start" phase runs after dropping privileges.

Unfortunately, the privileged "load" phase currently only binds the privileged
ports. I propose to also move the loading of keystore files to this privileged
"load" phase, so that private keystore files can be kept in a secure location,
while Tomcat runs as a non-privileged user.
Comment 1 Mark Thomas 2008-01-14 12:51:13 UTC
This sounds like an enhancement some users would want. Of course, it only works
if the key is read once and kept in memory - which I assume it is but haven't
checked.

As always, patches are welcome. I don't know this part of the code well enough
to know how big the patch is likely to be.
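
An added illustration of the proposal and of the point in Comment 1 that the key must be read once and kept in memory (not Tomcat code and not part of the original report): a hypothetical Commons Daemon service that loads the keystore in init(), which jsvc calls during the privileged "load" phase, so start() never opens the file. The class name, the two arguments (keystore path, port) and the KEYSTORE_PASSWORD environment variable are assumptions of this sketch.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import org.apache.commons.daemon.Daemon;
import org.apache.commons.daemon.DaemonContext;

// Hypothetical daemon, not Tomcat code. Assumed jsvc arguments: <keystore path> <port>.
public class KeystoreAtLoadDaemon implements Daemon {
    private SSLContext sslContext;      // key material lives here after init()
    private SSLServerSocket listener;
    private Thread acceptor;

    // "load" phase: jsvc calls init() before privileges are dropped.
    @Override public void init(DaemonContext context) throws Exception {
        String[] args = context.getArguments();
        String pw = System.getenv("KEYSTORE_PASSWORD");   // assumed password source
        if (args.length != 2 || pw == null) throw new IllegalArgumentException("need <keystore> <port> and KEYSTORE_PASSWORD");
        char[] password = pw.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {   // root-only file, read exactly once
            keyStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        Arrays.fill(password, '\0');    // wipe our copy of the password
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), null, null);
        // Bind the privileged port in the same phase, as the load phase already does today.
        listener = (SSLServerSocket) sslContext.getServerSocketFactory()
                .createServerSocket(Integer.parseInt(args[1]));
    }

    // "start" phase: runs as the unprivileged user and only uses the in-memory context.
    @Override public void start() {
        acceptor = new Thread(() -> {
            while (!listener.isClosed()) {
                try { listener.accept().close(); }      // placeholder for real request handling
                catch (IOException e) { /* listener closed by stop(), or a failed connection */ }
            }
        }, "tls-acceptor");
        acceptor.start();
    }

    @Override public void stop() throws Exception { listener.close(); acceptor.join(); }
    @Override public void destroy() { sslContext = null; }
}
```

The private key still resides in the memory of the unprivileged process; what changes is that the keystore file itself can stay readable only by root.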