# mldonkey (running as init.d daemon) Security review needed

## Wilhelm

Hi everybody

I'm running my mldonkey as a daemon. I'll tell you how in a minute, since this is not a default thing to do or, security-wise, a GOOD thing to do, but I'll lay it down and you can caution me on potential threats or problems or hand me a better way to do it.

Why? The reason I want to do this is because I want me and my bro to be able to centralize downloads on my Gentoo system, which runs day and night 24/7.

OK, first of all I emerged the latest (EXPERIMENTAL) version (less buggy), 2.5.3.

Then I made a home directory and a user mldonkey who lives in /home/mldonkey. mldonkey is in the users group.

This is because mldonkey uses the home directory of the user running it to dump its config. This will all be contained in the /home/mldonkey dir.

Then I made the following scripts:

/home/mldonkey/.mldonkey/mlstart

```
#!/bin/sh
whoami
exec 2>&1
HOME="/home/mldonkey" exec /usr/bin/mldonkey
```

/init.d/mldonkey

```
#!/sbin/runscript

opts="start stop restart"

depend() {
        need net
}

start() {
        ebegin "Starting ${CHROOT:+chrooted }mldonkey"
        start-stop-daemon --start --exec /home/mldonkey/.mldonkey/mlstart -u mldonkey -c mldonkey -b
        eend $?
}

stop() {
        ebegin "Stopping mldonkey"
        start-stop-daemon --stop -u mldonkey
        eend $?
}

restart() {
        svc_stop
        svc_start
}
```

OK, as you can see I didn't use a PID file (had problems with it). Also I used the -u and -c options to force it to run under mldonkey privs. -r to chroot won't work for some reason. -b is used because mldonkey, even with the -daemon flag, won't go to the background.

Questions

How secure is this setup?

Where are the potential weaknesses?

Are there some things I can do to make it more secure?

How big does my approach suck  :Smile: 

NOTE FOR ALL TRYING THIS SETUP:

It will complain about a process NOT being terminated at shutdown but that is because the parent gets killed before the child resulting in the message.

Thanks everyone in advance

----------
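One concrete check for the "how secure is this setup" question, as an added example that is not part of the thread: the init script executes a wrapper kept inside the service account's own home directory, so this function reports whether the uid the daemon runs as, or group/other, can modify that wrapper or any directory above it. The name `audit_wrapper` and its `TOP` argument are made up for this example, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU stat (coreutils).
# Usage on the setup above (run as root):
#   audit_wrapper /home/mldonkey/.mldonkey/mlstart "$(id -u mldonkey)"

# audit_wrapper FILE SVC_UID [TOP]
#   FILE     absolute path of the wrapper the init script executes
#   SVC_UID  numeric uid the daemon runs as
#   TOP      directory at which the upward walk stops (default: /)
# Prints one finding per line.
# Returns 0 if clean, 1 if something was found, 2 on a usage or stat error.
audit_wrapper() {
    path=$1 svc_uid=$2 top=${3:-/}
    case $path in
        /*) ;;
        *) echo "audit_wrapper: need an absolute path" >&2; return 2 ;;
    esac
    findings=0
    while :; do
        # %u = owner uid, %a = permission bits in octal
        info=$(stat -c '%u %a' "$path") || return 2
        owner=${info% *}
        mode=${info#* }
        # Whoever owns a file or directory can rewrite or replace it.
        if [ "$owner" = "$svc_uid" ]; then
            echo "$path: owned by service uid $svc_uid"
            findings=1
        fi
        # 020 = group write, 002 = other write
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$path: group/world writable (mode $mode)"
            findings=1
        fi
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return $findings
}
```

A finding on the wrapper or its directory means the daemon's own account can change what the init script launches at the next start; keeping the wrapper in a root-owned location and leaving only the config directory writable by the service user avoids that.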

## Deathwing00

> It will complain about a process NOT being terminated at shutdown but that is because the parent gets killed before the child resulting in the message.

This is what I call a ZOMBIE process... the parent must do a waitpid() before exiting... or just kill the children before exiting.

----------

## Wilhelm

Well, the problem is that the init.d script calls the mlstart script, which spawns the mldonkey script, which executes mlnet.

waitpid() is C, so I can't just stick it in. Anyway, I solved it already:

```
#!/sbin/runscript

opts="start stop restart"

depend() {
        need net
}

start() {
        ebegin "Starting ${CHROOT:+chrooted }mldonkey"
        start-stop-daemon --start --exec /home/mldonkey/.mldonkey/mlstart -u mldonkey -c mldonkey -b
        eend $?
}

stop() {
        ebegin "Stopping mldonkey"
        start-stop-daemon --stop -x /usr/bin/mlnet
        eend $?
}

restart() {
        svc_stop
        svc_start
}
```

This kills off mlnet, basically the core, instead of killing off all processes by the user.

----------

## Deathwing00

Good work mate!  :Smile: 

----------

## mo-ca

hi

When I use this script I only get a:

```
/etc/init.d/mldonkey start
 * Starte  mldonkey...                                                    [ ok ]
```

but

```
ps -all
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
0 R     0 14354 14662  0  76   0 -   891 -      pts/1    00:00:00 ps
```

I mean, I had to change your mldonkey-user, but it doesn't start my mldonkey.

thx for help

----------

## Deathwing00

mmmmm... better try 

```
$ ps -A
```

----------

## mo-ca

```
ps -A
  PID TTY          TIME CMD
    1 ?        00:00:04 init
    2 ?        00:00:00 migration_CPU0
    3 ?        00:00:00 keventd
    4 ?        00:00:00 ksoftirqd_CPU0
    5 ?        00:00:00 kswapd
    6 ?        00:00:00 kscand
    7 ?        00:00:00 bdflush
    8 ?        00:00:00 kupdated
   11 ?        00:00:00 kreiserfsd
30918 ?        00:00:00 devfsd
23157 ?        00:00:00 acpid
17868 ?        00:00:00 eth1
26139 ?        00:00:00 syslog-ng
20010 ?        00:00:00 adsl-connect
14426 ?        00:00:00 eth0
31415 ?        00:00:00 pppd
11143 ?        00:00:00 pppoe
 1170 ?        00:00:00 smbd
26778 ?        00:00:00 nmbd
21103 ?        00:00:00 sshd
 4431 ?        00:00:00 cron
11601 ?        00:00:00 xinetd
 5969 vc/1     00:00:00 agetty
 8240 vc/2     00:00:00 agetty
18761 vc/3     00:00:00 agetty
 5490 vc/4     00:00:00 agetty
 6344 vc/5     00:00:00 agetty
 2737 vc/6     00:00:00 agetty
23659 ?        00:00:00 smbd
10346 ?        00:00:00 smbd
 4069 ?        00:00:00 sshd
17219 pts/1    00:00:00 bash
13463 pts/1    00:00:00 ps
```

hum nothing lookin' like mldonkey/mlnet   :Crying or Very sad: 

----------

## Deathwing00

 :Sad:  You could trace the code ... perhaps you find the error   :Confused: 

----------

## -leliel-

http://mldonkey.berlios.de/modules.php?name=Downloads&d_op=viewdownload&cid=2

This is a nice initd script too ... you should have a look at it, because it's smarter with shutdown and startup.  :Wink: 

so long

----------

## Wilhelm

Well, mldonkey has shitloads of issues. I'm trying to get the html thing working but every time I NEED it to work it goes AWOL and gives me "Document does not contain data".

I'm doing a wait for more test releases strategy on mldonkey.

BTW, I'm a n00b so all I can say is that my script works for me. I haven't been bothered to check out the script link yet.

----------

## Bushmann

plz have a look at https://forums.gentoo.org/viewtopic.php?p=441668#441668

----------

