Steve Langasek <[EMAIL PROTECTED]> writes:

> The tmp file handling in this version is definitely improved, but it
> seems that only root is completely protected from malicious pidfiles:

> - the user pidfile is created with a constant name
> - when opening the pidfile, the ownership is not checked
> - there is a race condition when using -k, where a new pidfile can be
>   created after the old tleds process has exited but before the current
>   process checks whether it succeeded.  (A rather large race condition,
>   too -- tleds -k sleeps for 3 seconds, and no process should take that
>   long to shut down on a modern system. :)

This is a good point.  I didn't look closely enough at the user stuff
rather than the root stuff.

> So an attack vector here is that the user calls tleds -k, the attacker
> replaces the pidfile as soon as it's been removed with one of his own,
> and tleds -k returns an error to the user; the user then re-runs tleds
> -k without looking, and an arbitrary process belonging to the user is
> signalled.

> Do you think this is worth fixing up before considering bug #276789
> fixed?  There are probably very few processes that a stray SIGUSR1 can
> do damage to on a typical system, but if it's worth protecting root
> from, it's probably worth protecting users from as well.  In any case,
> this is not the bug that 276789 is primarily concerned with.

Sure, I can fix this.  It's not that difficult of a fix.  I'll put up a
fresh package sometime tomorrow.

-- 
Russ Allbery ([EMAIL PROTECTED])             <http://www.eyrie.org/~eagle/>
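The three weaknesses listed in the quoted message (a constant pidfile name in a shared location, no ownership check when the pidfile is opened, and the window during -k in which a planted pidfile gets signalled) have a common fix pattern. The block below is an added example written for this page, not code from tleds or its Debian package; the function names, the private-directory layout and the 50 ms polling interval are this example's own choices, and it assumes a Linux or modern BSD system with openat(), O_NOFOLLOW and O_CLOEXEC.

```c
/* Hardened per-user pidfile handling: an added example, not code from tleds
 * or its Debian package.  Assumes POSIX with O_NOFOLLOW, O_CLOEXEC and
 * openat() (Linux, modern BSDs); function names and the directory layout
 * are this example's own.  Mapping to the three problems in the thread:
 * constant name in a shared dir -> caller-owned 0700 dir; ownership not
 * checked -> fstat() the opened fd, never follow symlinks; -k race -> read
 * the pid once, wait for exit, only then unlink, never re-read on failure. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* fd must be of `type`, owned by our euid, with none of `forbidden` set; a
 * regular file must also have a single link (not a hard link to ours). */
static int check_owner_mode(int fd, mode_t type, mode_t forbidden)
{
    struct stat st;
    if (fstat(fd, &st) == 0 && (st.st_mode & S_IFMT) == type &&
        st.st_uid == geteuid() && !(st.st_mode & forbidden) &&
        (type != S_IFREG || st.st_nlink == 1))
        return 0;
    errno = EPERM;
    return -1;
}

/* Open the private directory holding the pidfile, creating it if asked. */
static int open_private_dir(const char *dir, int create)
{
    int dfd;
    if (create && mkdir(dir, 0700) < 0 && errno != EEXIST)
        return -1;
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd >= 0 && check_owner_mode(dfd, S_IFDIR, S_IRWXG | S_IRWXO) < 0) {
        close(dfd);
        dfd = -1;
    }
    return dfd;
}

/* Create dir/name holding our pid; returns the fd (keep it open while the
 * daemon runs) or -1.  errno EEXIST means a file was already there: refuse. */
int pidfile_create(const char *dir, const char *name)
{
    char buf[32];
    int dfd, fd, len = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if ((dfd = open_private_dir(dir, 1)) < 0)
        return -1;
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd >= 0 && write(fd, buf, (size_t)len) != len) {
        unlinkat(dfd, name, 0);
        close(fd);
        fd = -1;
    }
    close(dfd);
    return fd;
}

/* Read the pid back, re-checking directory and file before trusting it. */
int pidfile_read(const char *dir, const char *name, pid_t *out)
{
    char buf[32], *end;
    int dfd, fd;
    ssize_t n = -1;
    long v;
    if ((dfd = open_private_dir(dir, 0)) < 0)
        return -1;
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dfd);
    if (fd < 0)
        return -1;
    if (check_owner_mode(fd, S_IFREG, S_IWGRP | S_IWOTH) == 0)
        n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    errno = 0;
    v = strtol(buf, &end, 10);
    /* Accept exactly "<digits>\n"; anything else was not written by us. */
    if (errno || end == buf || end[0] != '\n' || end[1] || v <= 1 || v > INT_MAX) {
        errno = EINVAL;
        return -1;
    }
    *out = (pid_t)v;
    return 0;
}

/* -k: read the pid once, signal it, wait up to timeout_ms for it to vanish,
 * then remove the file.  A timeout is reported, not retried against a
 * re-read file, so a pidfile planted meanwhile is never picked as a target. */
int pidfile_kill(const char *dir, const char *name, int sig, int timeout_ms)
{
    pid_t pid;
    int dfd, rc, waited;
    if (pidfile_read(dir, name, &pid) < 0 || kill(pid, sig) < 0)
        return -1;
    for (waited = 0; waited < timeout_ms && kill(pid, 0) == 0; waited += 50)
        usleep(50000);
    if (kill(pid, 0) == 0) {
        errno = ETIMEDOUT;
        return -1;
    }
    if ((dfd = open_private_dir(dir, 0)) < 0)
        return -1;
    rc = unlinkat(dfd, name, 0);
    close(dfd);
    return rc;
}

/* Self-test in a scratch dir (constructed input): a round trip, then three
 * refusals (existing file, symlink in place of the file, world-writable
 * file).  Returns 0 on success, -1 otherwise. */
int pidfile_selftest(void)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX", path[64], link[64];
    pid_t pid = 0;
    int fd = -1, rc = -1;
    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/tleds.pid", dir);
    snprintf(link, sizeof link, "%s/evil.pid", dir);
    if ((fd = pidfile_create(dir, "tleds.pid")) < 0) goto out;
    if (pidfile_read(dir, "tleds.pid", &pid) < 0 || pid != getpid()) goto out;
    if (pidfile_create(dir, "tleds.pid") >= 0 || errno != EEXIST) goto out;
    if (symlink(path, link) < 0 || pidfile_read(dir, "evil.pid", &pid) == 0) goto out;
    if (chmod(path, 0666) < 0 || pidfile_read(dir, "tleds.pid", &pid) == 0) goto out;
    rc = 0;
out:
    if (fd >= 0) close(fd);
    unlink(link); unlink(path); rmdir(dir);
    return rc;
}
```

Build with `cc -Wall` and call pidfile_selftest() from a main of your own; in a daemon, keep the descriptor returned by pidfile_create open for its lifetime and route -k through pidfile_kill. The same code serves the root case if the directory is one only root can write to. One caveat on pidfile_kill: kill(pid, 0) still succeeds on a zombie, so if the signalled process is your own child you must reap it (or ignore SIGCHLD) for the wait loop to observe its exit.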