Package: avahi-daemon
Version: 0.6.25-3
Severity: normal
Tags: security

/var/run/avahi-daemon/pid is writable by the avahi user. Suppose this
user is compromised. If the pid is overwritten with a different process
id, such as 1, /etc/init.d/avahi-daemon stop will go ahead and kill
that.

start-stop-daemon avoids this kind of security flaw by checking
/proc/pid/exe (when run with -exec), or at least the process name (when
run with -name). avahi's init script uses avahi -k, which neglects such
checking.

Besides the (admittedly unlikely since if you can shell avahi you
probably have better things to do) security hole, killing a process that
is stored in a pid file without checking that the pid file is accurate
is asking for trouble.

-- 
see shy jo
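
The check the report asks for, sketched as an added example (not part of the original report and not avahi's or start-stop-daemon's code): read the pid file, reject anything that is not a plain pid above 1, and compare /proc/<pid>/exe with the expected binary before any signal is sent. `verified_pid`, `PROC_ROOT`, the daemon path /usr/sbin/avahi-daemon and the demo tree are assumptions made for the example.

```shell
#!/bin/sh
# PROC_ROOT is an assumption added so the check can be exercised offline
# against a constructed tree; in an init script it stays at /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# verified_pid PIDFILE EXPECTED_EXE
# Prints the pid and returns 0 only if the pid file names a process whose
# executable is EXPECTED_EXE; otherwise prints nothing and returns non-zero.
verified_pid() {
    pidfile=$1 expected=$2
    [ -r "$pidfile" ] || return 1
    # read fails on a missing trailing newline but still fills $pid.
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    # Reject anything but a plain decimal number (no signs, spaces, paths).
    case $pid in ''|*[!0-9]*) return 2 ;; esac
    # Never act on init, whatever the file claims.
    [ "$pid" -gt 1 ] || return 2
    exe=$(readlink "$PROC_ROOT/$pid/exe") || return 3   # gone or unreadable
    # The kernel appends " (deleted)" once the running binary is unlinked.
    exe=${exe%" (deleted)"}
    [ "$exe" = "$expected" ] || return 4
    printf '%s\n' "$pid"
}

# Constructed demo: a fake proc tree standing in for /proc.
demo_dir=$(mktemp -d)
PROC_ROOT=$demo_dir/proc
mkdir -p "$PROC_ROOT/1" "$PROC_ROOT/4242"
ln -s /sbin/init "$PROC_ROOT/1/exe"
ln -s /usr/sbin/avahi-daemon "$PROC_ROOT/4242/exe"   # assumed daemon path
echo 4242 > "$demo_dir/good.pid"       # what the daemon wrote
echo 1 > "$demo_dir/tampered.pid"      # what a compromised user wrote

for f in good tampered; do
    if p=$(verified_pid "$demo_dir/$f.pid" /usr/sbin/avahi-daemon); then
        echo "$f.pid: would signal $p"
    else
        echo "$f.pid: refused (code $?)"
    fi
done
```

The check and the later kill are separate steps, so a pid can still be recycled between them; the comparison narrows the problem but does not make the pid file trustworthy.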
