UnsatisfiedLinkError when running Jetty9's setUID feature

850 views Asked by At

I just tried to run Jetty 9 as non root users, using setuid feature without success for binding low port numbers. I enabled the module setuid in the start.ini and added -Djava.library.path=/opt/jetty/lib/setuid But I have the following stack trace when starting Jetty:

2015-06-09 16:27:27.211:WARN:oejx.XmlConfiguration:main: Config error at | | java.lang.reflect.InvocationTargetException in file:/opt/jetty/etc/jetty-setuid.xml java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.eclipse.jetty.start.Main.invokeMain(Main.java:321) at org.eclipse.jetty.start.Main.start(Main.java:817) at org.eclipse.jetty.start.Main.main(Main.java:112) Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.set(XmlConfiguration.java:479) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:411) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:815) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1125) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1030) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:721) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:354) at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:262) at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1243) at java.security.AccessController.doPrivileged(Native Method) at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1174) ... 7 more Caused by: java.lang.UnsatisfiedLinkError: org.eclipse.jetty.setuid.SetUID.getpwnam(Ljava/lang/String;)Lorg/eclipse/jetty/setuid/Passwd; at org.eclipse.jetty.setuid.SetUID.getpwnam(Native Method) at org.eclipse.jetty.setuid.SetUIDListener.setUsername(SetUIDListener.java:53) ... 23 more

Those are the only references to this error:

  • dev.eclipse.org/mhonarc/lists/jetty-users/msg01657.html
  • groups.google.com/forum/#!topic/dropwizard-user/aap2B_U_QPo

But they are either stopped or do not show the solution. The source code I found for the setuid package is: https://github.com/jetty-project/codehaus-jetty-project/blob/master/jetty-setuid/modules/java/src/main/java/org/mortbay/setuid/SetUID.java

Even though I cannot be sure this is the version I am using, given this one is from a org.mortbay package, while the one Jetty 9 uses is an Eclipse one.

I tried setting -Djetty.libsetuid.path in the java args (first try-catch block), either adding the path to the $PATH variable or setting -Djava.library.path (second try-catch block) or copying the so to /lib and, finally, leaving it as it is (third try-catch block). I got the same exception stack in all the cases. I cannot be sure if Jetty is either not finding the so file or not being able to load it, given that, if I remove all the references to the path (the cases I described latter), I still get the same error message. I use Java7 to run Jetty.

Edit I added the following snippet to one of my webapps as as matter of test, given that if the webapp succeed, I would know the problem is not in finding the shared object:

SetUID.setgid(1002);
SetUID.setuid(1002);
Passwd pw = SetUID.getpwuid(1002);
System.setProperty("user.name", pw.getPwName());
System.setProperty("user.home", pw.getPwDir());

I have the same UnsatisfiedLinkError as a result.

Edit2 I tried, instead, the following:

System.load(SetUID.__FILENAME);
SetUID.setgid(1002);

Which got me the following error message:

javax.servlet.ServletException: java.lang.UnsatisfiedLinkError: Native Library /lib/libsetuid.so already loaded in another classloader

I may conclude, therefore, that the library has been loaded, at least.

1

There are 1 answers

0
Vinicius Dantas On BEST ANSWER

Exploring the libsetuid file (nm -D /path/to/the/so), I realized that the so I was using was outdated and was not compatible with Jetty 9, the functions were named as mortbay:

root@root:~/# nm -D libsetuid.so --size-sort | less 0000000000000010 T Java_org_mortbay_setuid_SetUID_setgid 0000000000000010 T Java_org_mortbay_setuid_SetUID_setuid 0000000000000015 T Java_org_mortbay_setuid_SetUID_setumask 0000000000000018 T throwNewJavaSecurityException 0000000000000058 T throwNewJavaException 000000000000008e T Java_org_mortbay_setuid_SetUID_setrlimitnofiles 00000000000000a7 T getJavaMethodId 00000000000000f5 T Java_org_mortbay_setuid_SetUID_getrlimitnofiles 0000000000000102 T getJavaFieldInt 0000000000000111 T setJavaFieldInt 0000000000000111 T setJavaFieldLong 0000000000000121 T setJavaFieldString 00000000000001ba T Java_org_mortbay_setuid_SetUID_getpwuid 00000000000001e5 T Java_org_mortbay_setuid_SetUID_getpwnam 000000000000027e T Java_org_mortbay_setuid_SetUID_getgrgid 000000000000029e T Java_org_mortbay_setuid_SetUID_getgrnam

Now, I am using the shared object that already comes in the jetty download, not the one linked in the wiki. In addition to that, looking through the code of the setuid module, I decided using the property -Djetty.libsetuid.path in my java args for indicating the absolute path of the lib, e.g., -Djetty.libsetuid.path=/opt/jetty/lib/setuid.so