Date: Wed, 16 Aug 2017 18:17:40 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Michael Orlitzky <michael@...itzky.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation

On Wed 2017-08-16 12:10:09 -0400, Michael Orlitzky wrote:
> The problem is avoided by creating the PID file as root, before
> dropping privileges.

The problem can also be avoided by not using PID files at all, and relying instead on a service manager that actually keeps track of its children using more robust means (like wait() and SIGCHLD).

Even when a process isn't malicious, if it dies unexpectedly a different process may spawn re-using the PID stored in the pidfile, in an accidental collision.

At what point do we treat hacks like pidfiles as security risks more generally? pidfiles, self-daemonization, and privilege-dropping are all things that are easy to get subtly wrong. What do we need to offer to developers of daemons to encourage them to just stop doing them?

--dkg
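The two approaches discussed in this thread, shown side by side as an added example that is not code from the thread or from nagios-core: create_pidfile() followed by drop_privileges() is the ordering Michael describes (file created while still privileged, with O_EXCL|O_NOFOLLOW so a file or symlink pre-placed by the service user is refused rather than followed), and supervise() is the alternative dkg argues for, a parent that tracks its child through fork()/waitpid()/SIGCHLD and never consults a PID file. The path "/tmp/pidfile-example.pid", the uid/gid 65534 and sample_body() are constructed for the demonstration; drop_privileges() only acts when the caller is root, so the example runs as an ordinary user.

```c
/* Added example, not from the oss-security thread or from nagios-core. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create the PID file. O_EXCL refuses an existing file and O_NOFOLLOW refuses a
 * symlink, so nothing the (future) service user pre-placed at `path` is followed
 * or overwritten. Returns 0 on success, -1 on error. */
int create_pidfile(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (n < 0 || write(fd, buf, (size_t)n) != n) { close(fd); return -1; }
    return close(fd) == 0 ? 0 : -1;
}

/* Drop to the service user. Called only AFTER create_pidfile(), so the file is
 * owned by root and the service user cannot rewrite the PID later. Real code
 * would also clear supplementary groups with setgroups(). Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 0;            /* nothing to drop (e.g. in tests) */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;           /* the drop did not stick */
    return 0;
}

/* Read the PID back. The number is only as trustworthy as the file's owner, and
 * even an honest value can name an unrelated process once the original dies and
 * the kernel hands the PID out again. */
long read_pidfile(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    long pid = -1;
    if (fscanf(f, "%ld", &pid) != 1) pid = -1;
    fclose(f);
    return pid;
}

static volatile sig_atomic_t child_exited = 0;
static void on_sigchld(int signo) { (void)signo; child_exited = 1; }

/* The no-pidfile alternative: run `body` in a child and return its exit status
 * (0..255), or -1 on error. The parent keeps the PID fork() returned and reaps
 * it with waitpid(), which only succeeds for our own children, so a stranger
 * that later reuses the same PID number cannot be mistaken for the service. */
int supervise(int (*body)(void)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigchld;
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGCHLD, &sa, NULL) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(body() & 0xff);      /* child: run the service body */

    int status;
    pid_t r;
    do { r = waitpid(pid, &status, 0); } while (r < 0 && errno == EINTR);
    if (r != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Constructed stand-in for the daemon's real work. */
int sample_body(void) { return 7; }

int main(void) {
    const char *path = "/tmp/pidfile-example.pid";   /* constructed path */
    unlink(path);
    /* Michael's ordering: file first, then drop. */
    if (create_pidfile(path) != 0 || drop_privileges(65534, 65534) != 0) return 1;
    printf("pidfile holds %ld, we are %ld\n", read_pidfile(path), (long)getpid());
    unlink(path);
    /* dkg's alternative: no file, the parent simply waits for its child. */
    printf("child exit status: %d\n", supervise(sample_body));
    return 0;
}
```

The second call to create_pidfile() on an existing path fails by design; that refusal is the whole point of O_EXCL, and a daemon that wants to "take over" a stale file has to validate it some other way rather than blindly overwrite it.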