/var/run/directory/
Russell Coker
russell at coker.com.au
Mon Oct 4 06:03:49 UTC 2004
On Mon, 4 Oct 2004 03:37, Steve G <linux_4ever at yahoo.com> wrote:
> >There's still the general problem with discretionary access control here
> >too - A simple misconfiguration in for one of the daemons before it
> >drops root privileges could cause it to overwrite the pid file for
> >another daemon, violating the system security policy.
>
> I haven't seen this, you'd have to code an exploit just for it. But what I
I believe that the vast majority of exploits are created just for one
particular bug.
Also there have been bugs related to problems in dropping privs, see the
following URL for one example:
http://www.ale.org/archive/ale/ale-2000-06/msg00065.html
I recall that in late 2002 there was a game which had a security hole whereby
corrupt game data could exploit a program that was started at boot as root,
unfortunately I can't find the details.
> do see is daemons that crash leaving a pid file. Sooner or later a pid will
> match what's in the pid file and can be killed by mistake. (root is usually
> the only one that can do this.) I don't think this was mentioned so far in
> this thread. But this is the real problem that people run across more often
> wrt pid files, not overwriting a neighboring one.
The solution to this is to check the executable name as well as the PID before
killing. For SE Linux we will probably eventually want to go further and
either check the process context or run the kill command in the same domain
as the daemon.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-devel-list
mailing list