[email protected] wrote:
> Full_Name: Michael Orlitzky
> Version: 2.4.45
> OS: Gentoo
> URL:
> Submission from: (NULL) (98.218.46.55)
>
>
> The slapd daemon should create its PID file before dropping privileges. This
> represents a minor security issue; additional factors are needed to make it
> exploitable.
>
> Why?
>
> The purpose of the PID file is to hold the PID of the running daemon,
> so that later it can be stopped, restarted, or otherwise signalled
> (many daemons reload their configurations in response to a SIGHUP).
> To fulfill that purpose, the contents of the PID file need to be
> trustworthy. If the PID file is writable by a non-root user, then he
> can replace its contents with the PID of a root process.

Not sure this is a valid concern. The uid used to run services should not
actually have a valid login shell, and thus should not ever be usable for any
purpose other than running the daemon from init.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
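
One way to verify the property the report asks for (a PID file the unprivileged service account cannot rewrite) before acting on its contents. This is an added example, not part of either message and not OpenLDAP code; the function name, the error codes and the `trusted_uid` parameter are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { PID_ERR_OPEN = -1, PID_ERR_TYPE = -2, PID_ERR_OWNER = -3,
       PID_ERR_MODE = -4, PID_ERR_PARSE = -5 };

/* Return the PID stored in path, or a negative PID_ERR_* code if the file
 * could have been written by anyone other than trusted_uid (hypothetical
 * parameter; 0, i.e. root, on a real system). */
long read_trusted_pid(const char *path, uid_t trusted_uid)
{
    char buf[32], *end;
    struct stat st;
    long pid, err = 0;
    ssize_t n;
    /* O_NOFOLLOW refuses a symlink at path; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd < 0)
        return PID_ERR_OPEN;
    /* fstat() the descriptor we read from, so check and read see the same file. */
    if (fstat(fd, &st) != 0)                      err = PID_ERR_OPEN;
    else if (!S_ISREG(st.st_mode))                err = PID_ERR_TYPE;
    else if (st.st_uid != trusted_uid)            err = PID_ERR_OWNER;
    else if (st.st_mode & (S_IWGRP | S_IWOTH))    err = PID_ERR_MODE;
    n = err ? 0 : read(fd, buf, sizeof(buf) - 1);
    close(fd);
    if (err)
        return err;
    if (n <= 0)
        return PID_ERR_PARSE;
    buf[n] = '\0';
    errno = 0;
    pid = strtol(buf, &end, 10);
    /* Reject 0, negatives and 1: kill() treats them as groups, or the target is init. */
    if (errno || end == buf || (*end && *end != '\n') || pid <= 1)
        return PID_ERR_PARSE;
    return pid;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s PIDFILE\n", argv[0]); return 2; }
    long r = read_trusted_pid(argv[1], 0);
    printf("%s: %ld\n", argv[1], r);
    return r > 0 ? 0 : 1;
}
```

Because a file recreated by the service account would be owned by that account, the owner check also covers the case where the PID file's directory is writable by it.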
