Re: (ITS#8703) slapd should create its PID file before dropping privileges



michael@orlitzky.com wrote:
> Full_Name: Michael Orlitzky
> Version: 2.4.45
> OS: Gentoo
> URL:
> Submission from: (NULL) (98.218.46.55)
> 
> 
> The slapd daemon should create its PID file before dropping privileges. This
> represents a minor security issue; additional factors are needed to make it
> exploitable.
> 
> Why?
> 
> The purpose of the PID file is to hold the PID of the running daemon,
> so that later it can be stopped, restarted, or otherwise signalled
> (many daemons reload their configurations in response to a SIGHUP).
> To fulfill that purpose, the contents of the PID file need to be
> trustworthy. If the PID file is writable by a non-root user, then he
> can replace its contents with the PID of a root process.

Not sure this is a valid concern. The uid used to run services should not 
actually have a valid login shell, and thus should not ever be usable for any 
purpose other than running the daemon from init.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
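
The report quoted above turns on whether whoever signals the daemon can trust the contents of the PID file. As an added example that is not part of this thread or of OpenLDAP's code, this is one way a root-run stop/reload helper could verify a PID file before using it; the function name `read_trusted_pid` and its parameters are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read a PID from `path` only if nobody other than
 * `owner` (0 for root in an init script) could have written the file.
 * Returns 0 and stores the PID on success, -1 if the file is not trusted. */
int read_trusted_pid(const char *path, uid_t owner, pid_t *out)
{
    char buf[32];
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); /* refuse symlinks */
    if (fd < 0)
        return -1;

    /* fstat the descriptor we opened, so the checks and the read refer to
     * the same inode (no check-then-open race). */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* regular file only */
        st.st_uid != owner ||                 /* owned by the expected user */
        (st.st_mode & (S_IWGRP | S_IWOTH))) { /* not group/world-writable */
        close(fd);
        return -1;
    }

    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';

    char *end;
    errno = 0;
    long v = strtol(buf, &end, 10);
    /* Reject junk, out-of-range values, and PIDs 1, 0 and negatives, which
     * kill(2) treats as init, the caller's process group, or broadcasts. */
    if (errno != 0 || end == buf || (*end != '\n' && *end != '\0') ||
        v <= 1 || v > INT_MAX)
        return -1;
    *out = (pid_t)v;
    return 0;
}
```

The directory holding the PID file needs the same ownership and mode check, since a user who can write to the directory can replace the file itself.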