Message-ID: <87wp63jgxn.fsf@fifthhorseman.net>
Date: Wed, 16 Aug 2017 18:17:40 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Michael Orlitzky <michael@...itzky.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation

On Wed 2017-08-16 12:10:09 -0400, Michael Orlitzky wrote:
> The problem is avoided by creating the PID file as root, before
> dropping privileges.

The problem can also be avoided by not using PID files at all, and
relying instead on a service manager that actually keeps track of its
children using more robust means (like wait() and SIGCHLD).

Even when a process isn't malicious, if it dies unexpectedly a different
process may spawn re-using the PID stored in the pidfile, in an
accidental collision.

At what point do we treat hacks like pidfiles as security risks more
generally?

pidfiles, self-daemonization, privilege-dropping, are all things that
are easy to get subtly wrong.  What do we need to offer to developers of
daemons to encourage them to just stop doing them?

  --dkg
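
The approach the message describes, a parent that tracks its own child with `fork()` and `waitpid()` instead of reading a PID file, as an added example that is not part of the original message. The `struct service` type, the `service_*` function names and the `sleep 30` stand-in daemon are assumptions made for illustration; a real service manager would call the reap step from a SIGCHLD-driven event loop rather than polling.

```c
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical supervisor state: pid is meaningful only while running == 1. */
struct service { pid_t pid; int running; int status; };

/* Start the service as a direct child; the PID comes from fork(), not a file. */
int service_start(struct service *s, char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); /* exec failed */ }
    s->pid = pid; s->running = 1; s->status = 0;
    return 0;
}

/* Non-blocking reap: 1 = still running, 0 = exited, -1 = error. */
int service_poll(struct service *s) {
    if (!s->running) return 0;
    pid_t r = waitpid(s->pid, &s->status, WNOHANG);
    if (r == 0) return 1;
    if (r < 0) return -1;
    s->running = 0;            /* reaped: from here on the PID may be reused */
    return 0;
}

/* Signal only an unreaped child. Even if it died a moment ago it is a zombie
 * that still owns the PID, so kill() cannot reach an unrelated process. */
int service_signal(struct service *s, int sig) {
    if (service_poll(s) != 1) return -1;
    return kill(s->pid, sig);
}

/* Signal, then block until the child is reaped; returns the raw wait status. */
int service_stop(struct service *s, int sig) {
    if (service_signal(s, sig) == 0 && waitpid(s->pid, &s->status, 0) == s->pid)
        s->running = 0;
    return s->status;
}

int main(void) {
    struct service s;
    char *argv[] = { "sleep", "30", NULL };   /* constructed stand-in daemon */
    if (service_start(&s, argv) != 0) return 1;
    service_stop(&s, SIGTERM);
    return service_signal(&s, SIGTERM) == -1 ? 0 : 1;  /* refused after reap */
}
```

Because the supervisor never signals a PID it has already reaped, neither the accidental PID collision nor a PID file rewritten by the unprivileged daemon can redirect a signal sent by the privileged parent.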
