Hi!

On Mon, 2014-09-01 at 15:27:09 -0700, Will Conley wrote:
> Package: dpkg
> Version: 1.17.13
> Severity: normal

> If the options --umask and --make-pidfile are both used when calling 
> start-stop-daemon --start, the umask is set before the pidfile is created. If 
> this umask is restrictive (e.g. 0007) then this leads to a pidfile being 
> created that is not even readable by unprivileged users. This means that only 
> root will be able to successfully check the status of a service with a 
> command 
> like "service foo status". 

Ah, indeed, nicely spotted. And thanks for the patch!

> Since it is easy for any user to find the PID of any running process (with 
> ps), I don't think there is any security issue with making all pidfiles 
> world-readable. Indeed, a quick check of both my Debian systems reveals that, 
> other than the one offending service that caused me to notice this problem 
> (deluged*), all other pidfiles in /run have permissions of 0644, consistent 
> with the default umask of 0022. 

Sure.

> A quick look at the source of start-stop-daemon reveals that the umask is 
> applied immediately before calling "create-pidfile". Simply changing the 
> order 
> of these two blocks of code fixes the problem. For your convenience, I have 
> attached a patch that does this. 

As I'm going to be fixing the --make-pidfile and --background race
bug, this should automatically get fixed by that as a side-effect,
as the make file code needs to be moved way earlier probably.

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to