Date: Wed, 16 Aug 2017 18:17:40 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Michael Orlitzky <michael@...itzky.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation

On Wed 2017-08-16 12:10:09 -0400, Michael Orlitzky wrote:
> The problem is avoided by creating the PID file as root, before
> dropping privileges.

The problem can also be avoided by not using PID files at all, and
relying instead on a service manager that actually keeps track of its
children using more robust means (like wait() and SIGCHLD).

Even when a process isn't malicious, if it dies unexpectedly a different
process may spawn re-using the PID stored in the pidfile, in an
accidental collision.

At what point do we treat hacks like pidfiles as security risks more
generally?

pidfiles, self-daemonization, and privilege-dropping are all things that
are easy to get subtly wrong.  What do we need to offer to developers of
daemons to encourage them to just stop doing them?

  --dkg
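Added example, not code from this thread or from nagios: a small C program contrasting the two approaches discussed above, a supervisor that learns of its child's death through SIGCHLD and waitpid(), next to a pidfile check that can only ask whether some process currently holds the recorded number. The function names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* SIGCHLD: the kernel tells the supervisor directly that a child changed
 * state; no on-disk copy of the PID is needed at all. */
static volatile sig_atomic_t sigchld_seen = 0;
static void on_sigchld(int sig) { (void)sig; sigchld_seen = 1; }

/* Fork a child that exits with `code` and reap it with waitpid(). Until the
 * parent waits, the PID cannot be reused, so it always names our child. */
int supervise_child(int code) {
    if (signal(SIGCHLD, on_sigchld) == SIG_ERR) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(code);                 /* child */
    int status = 0;
    while (waitpid(pid, &status, 0) != pid)    /* parent: reap our own child */
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The pidfile way: read a number from disk and ask whether *some* process has
 * it (1 yes, 0 no, -1 unusable file). Nothing ties it to the daemon that wrote it. */
int pidfile_target_exists(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    long pid = 0;
    int n = fscanf(f, "%ld", &pid);
    fclose(f);
    if (n != 1 || pid <= 0) return -1;
    return (kill((pid_t)pid, 0) == 0 || errno == EPERM) ? 1 : 0;
}

/* Record a child's PID in a pidfile, then reap the child. Returns
 * before*10+after: the PID is held (1) until reaped, then free for reuse (0). */
int stale_pidfile_demo(const char *path) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(0);
    FILE *f = fopen(path, "w");                      /* record the child's PID */
    if (!f || fprintf(f, "%ld\n", (long)pid) < 0 || fclose(f) != 0) return -1;
    int before = pidfile_target_exists(path);        /* 1: unreaped, PID still held */
    if (waitpid(pid, NULL, 0) != pid) return -1;     /* reaped: PID released */
    int after = pidfile_target_exists(path);         /* 0: file names a free PID */
    return before * 10 + after;
}
```

The value 0 after reaping is exactly the window dkg describes: an unrelated process started later can receive that number, and any signal sent on the strength of the file would go to it.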
