[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pid file security

On Tuesday 04 May 2010 08:25:25 Joey Hess wrote:
> Take a look in /var/run. Find a pid file that is owned by a non-root
> user. Now, look at the corresponding init script. What does it stop if
> that non-root user edited the pid file to contain '1'?

The fact that they are not owned by root doesn't mean you can edit them, they 
would probably be owned by a specific user for that daemon and will not have 
write access for others.
Have you found some with write permissions set to all?

Salvo Tomaselli

Reply to: