[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pid file security

On mar., 2010-05-04 at 02:25 -0400, Joey Hess wrote:
> As security problems go, being able to DOS a system by killing targeted
> processes, slowly, is not very bad. After all, it could be fork bombed
> or OOMed just as effectively. Security aside, there's an overall correctness
> issue: There's the chance that a daemon will unexpectly die, and its PID
> be reused by an unrelated process, which is later incorrectly stopped. 

And you usually need root access for invoke-rc.d or /etc/init.d scripts
(unless you have some kind of specific sudo permissions for that). So
you might be able to kill other process as well.

(it's still safer to test though)


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: