Re: World writable pid and lock files.

helpermn Tue, 10 May 2011 23:38:27 -0700

On Tue, 10 May 2011, Henrique de Moraes Holschuh <h...@debian.org> wrote:

On Tue, 10 May 2011, helpermn wrote:

I imagine why files listed below have 666 file mode bits set:
/var/run/checkers.pid
/var/run/vrrp.pid
/var/run/keepalived.pid
/var/run/starter.pid
/var/lock/subsys/ipsec
....


You could get the initscripts to send signals to any PID you want, so
yes, it is a nasty security issue.

So what is a solution? Could I/you/someone report this somewhere?Maybe Debian bugs tracker?


--
helpermn


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/014c4b8f-b242-4700-be12-d69496e78...@gmail.com

Re: World writable pid and lock files.

Reply via email to