Re: World writable pid and lock files.

To: debian-security@lists.debian.org
Subject: Re: World writable pid and lock files.
From: helpermn <helpermn@gmail.com>
Date: Wed, 11 May 2011 08:37:45 +0200
Message-id: <[🔎] 014C4B8F-B242-4700-BE12-D69496E78DA5@gmail.com>
In-reply-to: <[🔎] 20110510141057.GA5522@khazad-dum.debian.net>
References: <[🔎] 05578BFF-44FC-41B3-9E8E-C11B5B9A6C11@gmail.com> <[🔎] 20110510141057.GA5522@khazad-dum.debian.net>

On Tue, 10 May 2011, Henrique de Moraes Holschuh <hmh@debian.org> wrote:

On Tue, 10 May 2011, helpermn wrote:

I imagine why files listed below have 666 file mode bits set:
/var/run/checkers.pid
/var/run/vrrp.pid
/var/run/keepalived.pid
/var/run/starter.pid
/var/lock/subsys/ipsec
....


You could get the initscripts to send signals to any PID you want, so
yes, it is a nasty security issue.

So what is a solution? Could I/you/someone report this somewhere?Maybe Debian bugs tracker?


--
helpermn

Reply to:

Follow-Ups:
- Re: World writable pid and lock files.
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: World writable pid and lock files.
  - From: Mike Mestnik <cheako@mikemestnik.net>

References:
- World writable pid and lock files.
  - From: helpermn <helpermn@gmail.com>
- Re: World writable pid and lock files.
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: [SECURITY] [DSA 2233-1] postfix security update
Next by Date: Re: World writable pid and lock files.
Previous by thread: Re: World writable pid and lock files.
Next by thread: Re: World writable pid and lock files.
Index(es):
- Date
- Thread