Date: Wed, 16 Aug 2017 18:17:40 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Michael Orlitzky <michael@...itzky.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation

On Wed 2017-08-16 12:10:09 -0400, Michael Orlitzky wrote:
> The problem is avoided by creating the PID file as root, before
> dropping privileges.

The problem can also be avoided by not using PID files at all, and
relying instead on a service manager that actually keeps track of its
children using more robust means (like wait() and SIGCHLD).

Even when a process isn't malicious, if it dies unexpectedly a different
process may spawn re-using the PID stored in the pidfile, in an
accidental collision.

At what point do we treat hacks like pidfiles as security risks more
generally?  pidfiles, self-daemonization, privilege-dropping, are all
things that are easy to get subtly wrong.  What do we need to offer to
developers of daemons to encourage them to just stop doing them?

    --dkg

Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)