Re: World writable pid and lock files.
On Tue, 10 May 2011, helpermn wrote:
> I imagine why files listed below have 666 file mode bits set:
> /var/run/checkers.pid
> /var/run/vrrp.pid
> /var/run/keepalived.pid
> /var/run/starter.pid
> /var/lock/subsys/ipsec
>
> Files are created during startup of ipsec (pluto) and keepalived
> daemons.
>
> I think that leaving them world writable is a security hole. For
> example, deletion or change of their content could confuse monit
> watching them running and restarting when they die.
You could get the initscripts to send signals to any PID you want, so
yes, it is a nasty security issue.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
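
An added example, not part of the original thread: a shell sketch of the check an initscript or monitor could make before acting on a pid file, plus an audit for world-writable files under directories such as /var/run and /var/lock. The function names are hypothetical, and the expected owner defaults to root as an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any initscript package.

# List regular files under DIR (recursively) that any local user can write to.
audit_world_writable() {
    find "$1" -type f -perm -0002 -print 2>/dev/null
}

# Succeed only if PIDFILE is safe to act on: a regular file (symlinks are
# rejected, find does not follow them), owned by OWNER (assumed default: root),
# not writable by group or other, and holding exactly one numeric PID above 1.
pidfile_trusted() {
    pidfile=$1
    owner=${2:-root}
    [ -n "$(find "$pidfile" -prune -type f -user "$owner" \
            ! -perm -0020 ! -perm -0002 -print 2>/dev/null)" ] || return 1
    pid=$(cat "$pidfile") || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty, multi-line or non-numeric content
    esac
    [ "$pid" -gt 1 ]               # never accept 0 or init
}

# Send SIGNAL to the PID recorded in PIDFILE, refusing untrusted pid files.
signal_from_pidfile() {
    sig=$1
    if ! pidfile_trusted "$2" "${3:-root}"; then
        echo "refusing to use untrusted pid file: $2" >&2
        return 1
    fi
    kill "-$sig" "$(cat "$2")"
}

# Stand-alone use: audit every directory given on the command line,
# e.g.  sh audit.sh /var/run /var/lock
for dir in "$@"; do
    audit_world_writable "$dir"
done
```

The mode and owner checks only help if the containing directory is itself not writable by unprivileged users, since otherwise the file can be replaced outright.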