
Re: (ITS#8703) slapd should create its PID file before dropping privileges



On 09/05/2017 05:38 PM, Ryan Tandy wrote:
> 
> If you would like to propose a patch, we could review that. For myself I 
> don't think I would attach a high priority to this.

I understand that it's a low priority, I'm just trying to clean up the
hundred or so cases of this that we have in Gentoo. In a few, it's
impossible to do so because of the way the daemon creates the PID file
(like it is here), so I'm doing bugs/CVEs to keep track of them. This
way, distribution maintainers have something to watch and will know
when they can fix their init scripts.


> Howard pointed out on IRC that if the directory containing the pid file 
> is sticky, making it owned by root means slapd can no longer remove it 
> on exit. I'm not sure how common that is but it's a setup that works 
> right now.

Typically the PID file would go directly in /run (or /var/run) and be
owned by root. That means that you can't clean it up when the daemon
exits, but no one expects a daemon to do that.

Practically, the PID file exists solely for the benefit of init systems.
Given the choice between,

  1. How do I determine if I can trust the contents of this file owned
     by an untrusted user?

  2. How do I remove the PID file after killing the daemon?

the second is much easier to do. The first is next to impossible to get
right; so if we have to pick one, that's the way to go IMO.
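The startup order argued for in this thread, as an added illustration that is not part of the discussion and not slapd's own code: the daemon writes its PID file while still root, then drops to the service account, and an init-side check accepts the file only if it is a regular file owned by the expected user and not writable by anyone else. The file path, the uid/gid 1000 service account and the helper names are assumptions made for the example; the thread's point that a sticky, root-owned /run stops the unprivileged daemon from unlinking the file on exit is shown at the end of main.

```c
#define _GNU_SOURCE   /* exposes setgroups(), mkdtemp(), O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the PID file while still root. O_EXCL|O_NOFOLLOW refuses to
 * reuse a pre-existing file or symlink left by someone else, and 0644
 * keeps the file writable only by its owner. Returns 0 on success,
 * -1 with errno set on failure. Hypothetical helper, not slapd's. */
int write_pidfile(const char *path, pid_t pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (n <= 0 || write(fd, buf, (size_t)n) != n) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return close(fd);
}

/* Permanently drop to the unprivileged service account. Order matters:
 * supplementary groups, then gid, then uid last (after setuid we could
 * no longer change the others). Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (getuid() != 0)
        return 0;                 /* nothing to drop: not started as root */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0)           /* the drop must be irreversible */
        return -1;
    return 0;
}

/* What an init script would check before trusting the PID it reads:
 * a regular file, owned by the expected (privileged) user, and not
 * writable by group or others. Returns 1 if trustworthy, else 0. */
int pidfile_trustworthy(const char *path, uid_t expected_owner)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != expected_owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Parse the PID back out; returns -1 on missing or malformed content. */
long read_pidfile(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    char buf[32];
    long pid = -1;
    if (fgets(buf, sizeof buf, f)) {
        char *end;
        errno = 0;
        long v = strtol(buf, &end, 10);
        if (errno == 0 && end != buf && v > 0 && (*end == '\n' || *end == '\0'))
            pid = v;
    }
    fclose(f);
    return pid;
}

/* Startup sketch: PID file first (as root), then drop privileges. */
int main(void)
{
    const char *path = "/run/example-daemon.pid";  /* placeholder path */
    if (write_pidfile(path, getpid()) != 0) {
        perror("write_pidfile");
        return 1;
    }
    if (drop_privileges(1000, 1000) != 0) {        /* assumed service account */
        perror("drop_privileges");
        return 1;
    }
    /* ... serve requests ... */
    /* In a sticky, root-owned /run this unlink now fails with EPERM;
     * cleanup is left to the init system, as the thread describes. */
    if (unlink(path) != 0)
        perror("unlink (expected to fail once unprivileged)");
    return 0;
}
```

The ownership check is the init-side half of the trade-off described above: once the file is created by root before the drop, the consumer only needs to verify owner and mode, and never has to reason about content written by an unprivileged account.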