On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote: > > Not unconditionally. See the following from 'man 5 systemd.service': > > "The PID file does not need to be owned by a privileged user, but if it > is owned by an unprivileged user additional safety restrictions are > enforced: the file may not be a symlink to a file owned by a different > user (neither directly nor indirectly), and the PID file must refer to > a process already belonging to the service." >
FWIW this was committed on Jan 8th 2018, and solves the problem by keeping a separate pid <-> process <-> service map that's writable only by root. The patch in question provides the same security to other service managers. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
