On Wed, 11 May 2011, Mike Mestnik wrote:
> On 05/11/11 01:37, helpermn wrote:
> > On Tue, 10 May 2011, Henrique de Moraes Holschuh <[email protected]> wrote:
> >> On Tue, 10 May 2011, helpermn wrote:
> >>> I imagine why files listed below have 666 file mode bits set:
> >>> /var/run/checkers.pid
> >>> /var/run/vrrp.pid
> >>> /var/run/keepalived.pid
> >>> /var/run/starter.pid
> >>> /var/lock/subsys/ipsec
> >>> ....
> >>
> >> You could get the initscripts to send signals to any PID you want, so
> >> yes, it is a nasty security issue.
> >>
> >
> It should be mandatory for initscripts to verify the pid is indeed an
> instance of their daemon.
>
> ...as well as correcting the world writable bit.
These things are to be fixed properly. You need to actually create the pidfile securely in the first place. Which means using O_CREAT|O_EXCL, often together with O_CLOEXEC, etc.

Most initscripts will make sure they only signal processes that match the inode in the path they expect the process to be. Refer to the --exec option of start-stop-daemon(8).

However, this cannot be done in any of the more important daemons where you do not stop-before-upgrading, but rather restart-after-upgrading.

-- 
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh

Archive: http://lists.debian.org/[email protected]
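The two fixes Henrique describes, creating the pidfile with O_CREAT|O_EXCL|O_CLOEXEC and refusing to signal a PID unless the running executable matches the expected binary (the inode comparison start-stop-daemon's --exec performs), as one added C example. This is illustration code written for this page, not keepalived's, strongSwan's or start-stop-daemon's own code; the function names, the 0644 mode, the use of /proc/<pid>/exe as the executable check, and the /tmp pidfile path used by the self-check driver are assumptions of the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the pidfile atomically. O_EXCL makes the create fail (EEXIST) if
 * anything, including an attacker's symlink, already sits at the path, so
 * we never open a file we did not create. O_CLOEXEC keeps the descriptor
 * out of children. Mode 0644: world-readable is fine, world-writable is not.
 * Returns 0 on success, -1 (errno set) otherwise. */
int write_pidfile(const char *path, pid_t pid) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (n < 0 || write(fd, buf, (size_t)n) != n) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    close(fd);
    return 0;
}

/* Read the PID back, refusing symlinks, non-regular files and anything
 * world-writable (the 0666 case from the thread). Returns the PID or -1. */
pid_t read_pidfile(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || (st.st_mode & S_IWOTH)) {
        close(fd);
        return -1;
    }
    char buf[32];
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    char *end;
    long v = strtol(buf, &end, 10);
    if (end == buf || v <= 1 || v > INT_MAX)   /* never signal init or "everyone" */
        return -1;
    return (pid_t)v;
}

/* Does <pid> run the binary at exe_path? Compare the device/inode behind
 * /proc/<pid>/exe with the device/inode of exe_path (Linux-specific). */
int pid_matches_exec(pid_t pid, const char *exe_path) {
    char procpath[64];
    snprintf(procpath, sizeof procpath, "/proc/%ld/exe", (long)pid);
    struct stat a, b;
    if (stat(procpath, &a) < 0 || stat(exe_path, &b) < 0)
        return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* What an initscript's "stop"/"reload" should do: only signal a PID that
 * came from a trustworthy pidfile AND is running the expected executable.
 * Returns 0 if the signal was sent, -1 otherwise. */
int signal_daemon(const char *pidfile, const char *exe_path, int sig) {
    pid_t pid = read_pidfile(pidfile);
    if (pid < 0 || !pid_matches_exec(pid, exe_path))
        return -1;
    return kill(pid, sig);
}

/* Self-check driver (a constructed scenario, not part of the thread): runs
 * the functions against our own process. Returns the number of checks that
 * passed, 6 when everything behaves as intended. */
int run_pidfile_checks(const char *path) {
    int passed = 0;
    pid_t me = getpid();
    unlink(path);                                                   /* start clean */
    if (write_pidfile(path, me) == 0) passed++;                     /* 1: fresh create works */
    if (write_pidfile(path, me) < 0 && errno == EEXIST) passed++;   /* 2: O_EXCL refuses an existing file */
    if (read_pidfile(path) == me) passed++;                         /* 3: PID reads back */
    if (pid_matches_exec(me, "/proc/self/exe")) passed++;           /* 4: inode check matches our binary */
    if (signal_daemon(path, "/proc/self/exe", 0) == 0) passed++;    /* 5: signal 0 probe accepted */
    if (chmod(path, 0666) == 0 && read_pidfile(path) < 0) passed++; /* 6: 0666 pidfile is rejected */
    unlink(path);
    return passed;
}

int main(void) {
    int n = run_pidfile_checks("/tmp/pidfile-example.pid");
    printf("%d of 6 pidfile checks passed\n", n);
    return n == 6 ? 0 : 1;
}
```

The last check is the one the thread started from: with the pidfile at 0666, anyone can write a PID of their choosing, so the reader refuses it outright rather than trusting the number inside. The inode comparison also shows why Henrique's caveat holds for restart-after-upgrade daemons: once the package manager has replaced the binary on disk, /proc/<pid>/exe of the still-running old instance points at the deleted old inode, the comparison against the new file fails, and the initscript cannot distinguish "our daemon, pre-upgrade" from "a stranger's process".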

