World writable pid and lock files.

2011-05-10 Thread helpermn

Hello!

I wonder why the files listed below have 666 file mode bits set:
/var/run/checkers.pid
/var/run/vrrp.pid
/var/run/keepalived.pid
/var/run/starter.pid
/var/lock/subsys/ipsec

The files are created during startup of the ipsec (pluto) and keepalived
daemons.


I think that leaving them world writable is a security hole. For example,
deleting or changing their content could confuse monit, which watches that
they are running and restarts them when they die.


Regards.

--
helpermn


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/05578bff-44fc-41b3-9e8e-c11b5b9a6...@gmail.com



Re: World writable pid and lock files.

2011-05-10 Thread Henrique de Moraes Holschuh
On Tue, 10 May 2011, helpermn wrote:
> I wonder why the files listed below have 666 file mode bits set:
> /var/run/checkers.pid
> /var/run/vrrp.pid
> /var/run/keepalived.pid
> /var/run/starter.pid
> /var/lock/subsys/ipsec
>
> The files are created during startup of the ipsec (pluto) and keepalived
> daemons.
>
> I think that leaving them world writable is a security hole. For
> example, deleting or changing their content could confuse monit, which
> watches that they are running and restarts them when they die.

You could get the initscripts to send signals to any PID you want, so
yes, it is a nasty security issue.

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh


Archive: http://lists.debian.org/20110510141057.ga5...@khazad-dum.debian.net
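The two messages above make a concrete point: a pidfile that anyone can write lets an unprivileged user pick the PID that a privileged init script or supervisor will later signal. The script below is an added example, not code from this thread or from the keepalived or strongSwan projects. It does two defensive things: audits a list of pid/lock files for the other-write bit, and reads a pidfile only after verifying (via fstat on the already-open descriptor, to avoid a stat/open race) that it is a regular file, not group- or world-writable, owned by the expected uid, and contains a single positive integer. The sample files it creates in a temporary directory are constructed for the demonstration; their names merely echo the paths listed in the first message.

```python
"""Audit pid/lock files for world-writable bits and read a pidfile
defensively before a supervisor acts on its contents.
Added example; not code from the debian-security thread or any daemon."""
import os
import stat
import tempfile


def world_writable_files(paths):
    """Return the subset of paths that are regular files with the
    other-write bit (o+w) set. Missing paths are skipped."""
    findings = []
    for p in paths:
        try:
            st = os.lstat(p)
        except FileNotFoundError:
            continue
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
            findings.append(p)
    return findings


def read_pidfile(path, expected_uid=None):
    """Return the PID stored in path, or raise ValueError.

    Checks are done with fstat() on the open descriptor so the file that
    is validated is the file that is read. A caller that signals a
    process should only ever use a PID returned by this function."""
    if expected_uid is None:
        expected_uid = os.getuid()
    with open(path, "rb") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"{path}: not a regular file")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise ValueError(f"{path}: writable by group or others")
        if st.st_uid != expected_uid:
            raise ValueError(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
        data = fh.read(64).strip()  # a pidfile holds one short number
    if not data.isdigit():
        raise ValueError(f"{path}: content is not a PID")
    pid = int(data)
    if pid <= 0:
        raise ValueError(f"{path}: PID must be positive")
    return pid


def demo():
    """Create constructed sample pidfiles in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as d:
        # constructed samples: name -> (mode, content)
        samples = {
            "checkers.pid": (0o666, b"1234\n"),      # world-writable, as in the thread
            "keepalived.pid": (0o644, b"4321\n"),    # sane mode and content
            "bad.pid": (0o644, b"not a pid\n"),      # sane mode, garbage content
        }
        for name, (mode, content) in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(content)
            os.chmod(p, mode)
        ww = [os.path.basename(p) for p in
              world_writable_files(os.path.join(d, n) for n in samples)]
        accepted, rejected = {}, []
        for name in samples:
            try:
                accepted[name] = read_pidfile(os.path.join(d, name))
            except ValueError:
                rejected.append(name)
        return {"world_writable": ww, "accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Run on a real host, `world_writable_files` can be pointed at the files named in the first message; `read_pidfile` is the pattern an init script or monitor should use in place of a bare `kill $(cat /var/run/foo.pid)`, which trusts whatever the file happens to contain.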



Re: [SECURITY] [DSA 2233-1] postfix security update

2011-05-10 Thread Florian Weimer
* Florian Weimer:

> Package: postfix
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID : CVE-2009-2939 CVE-2011-0411 CVE-2011-1720
>
>
> For the unstable distribution (sid), this problem has been fixed in
> version 2.8.0-1.

This is incorrect.  The fixed version is 2.8.3-1.


Archive: http://lists.debian.org/87liyecps2@mid.deneb.enyo.de



Re: [SECURITY] [DSA 2233-1] postfix security update

2011-05-10 Thread Dave Harris

I upgraded postfix and now my LDA is broken

postfix/local[11826]: fatal: unable to determine open file limit

anyone else come across this issue?

On 11/05/11 5:35 AM, Florian Weimer wrote:

> * Florian Weimer:
>
>> Package: postfix
>> Vulnerability  : several
>> Problem type   : remote
>> Debian-specific: no
>> CVE ID : CVE-2009-2939 CVE-2011-0411 CVE-2011-1720
>>
>> For the unstable distribution (sid), this problem has been fixed in
>> version 2.8.0-1.
>
> This is incorrect.  The fixed version is 2.8.3-1.





Archive: http://lists.debian.org/4dca1901.9000...@evercom.net.au