
Re: (ITS#8703) slapd should create its PID file before dropping privileges



On Fri, Jul 28, 2017 at 07:35:47PM +0000, michael@orlitzky.com wrote:
>The slapd daemon should create its PID file before dropping privileges. This
>represents a minor security issue; additional factors are needed to make it
>exploitable.

If I understood you correctly, "Additional factors are needed" basically 
means you have to find a code execution vulnerability in slapd? At that 
point I think you can do much more interesting things - pretending that 
your user is uid 0, or in various admin groups are only the first ideas 
that come to mind.

If you would like to propose a patch, we could review that. For myself I 
don't think I would attach a high priority to this.

Howard pointed out on IRC that if the directory containing the pid file 
is sticky, making it owned by root means slapd can no longer remove it 
on exit. I'm not sure how common that is but it's a setup that works 
right now.
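
The sticky-directory point raised above can be checked on a given deployment before changing who owns the PID file. The following is an added example, not part of the original message and not slapd code; the function name `can_remove_pidfile` is hypothetical, and it models only classic mode bits (primary group only, no ACLs or capabilities).

```c
#include <stdio.h>
#include <stdlib.h>
#include <libgen.h>
#include <sys/types.h>
#include <sys/stat.h>

#ifndef S_ISVTX
#define S_ISVTX 01000   /* sticky bit, in case strict ISO C mode hides it */
#endif

/* Returns 1 if a process running as uid/gid can unlink a PID file owned by
 * pid_owner from a directory with mode dmode, owner duid and group dgid. */
int can_remove_pidfile(mode_t dmode, uid_t duid, gid_t dgid,
                       uid_t pid_owner, uid_t uid, gid_t gid)
{
    mode_t need;

    if (uid == 0)
        return 1;                       /* assumes unrestricted root */

    /* unlink() needs write and search permission on the directory */
    if (duid == uid)      need = S_IWUSR | S_IXUSR;
    else if (dgid == gid) need = S_IWGRP | S_IXGRP;
    else                  need = S_IWOTH | S_IXOTH;
    if ((dmode & need) != need)
        return 0;

    if (!(dmode & S_ISVTX))
        return 1;                       /* no restricted deletion */

    /* sticky directory: only the file owner or directory owner may unlink */
    return pid_owner == uid || duid == uid;
}

int main(int argc, char **argv)
{
    struct stat d, p;
    char buf[4096];
    int ok;

    if (argc != 4) { fprintf(stderr, "usage: %s PIDFILE UID GID\n", argv[0]); return 2; }
    snprintf(buf, sizeof buf, "%s", argv[1]);   /* dirname() may modify its argument */
    if (stat(argv[1], &p) != 0 || stat(dirname(buf), &d) != 0) { perror(argv[1]); return 2; }
    ok = can_remove_pidfile(d.st_mode, d.st_uid, d.st_gid, p.st_uid,
                            (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    printf("%s: %s\n", argv[1], ok ? "removable on exit" : "stale PID file will remain");
    return ok ? 0 : 1;
}
```

Run it with the PID file path and the numeric uid and gid the daemon switches to; a non-zero exit status means the daemon would leave the file behind on shutdown.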