[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8703) slapd should create its PID file before dropping privileges



The problem scenario looks like the following:

1. I run "/etc/init.d/slapd start" to start the daemon.

2. slapd drops to the "slapd" user.

3. slapd writes its PID file, now owned by the "slapd" user.

4. Someone compromises the daemon, which sits on the open network.

5. The attacker is generally limited in what he can do because the
   daemon doesn't run as root. However, he can write "1" into the
   slapd.pid file, and he does.

6. I run "/etc/init.d/slapd stop" to stop the daemon while I investigate
   the weird behavior resulting from the hack.

7. Oops, the machine reboots, because I killed PID 1.