Re: (ITS#8703) slapd should create its PID file before dropping privileges
On 09/05/2017 05:38 PM, Ryan Tandy wrote:
> If you would like to propose a patch, we could review that. For myself I
> don't think I would attach a high priority to this.
I understand that it's a low priority, I'm just trying to clean up the
hundred or so cases of this that we have in Gentoo. In a few, it's
impossible to do so because of the way the daemon creates the PID file
(like it is here), so I'm doing bugs/CVEs to keep track of them. This
way distribution maintainers have something to watch and will know
when they can fix their init scripts.
> Howard pointed out on IRC that if the directory containing the pid file
> is sticky, making it owned by root means slapd can no longer remove it
> on exit. I'm not sure how common that is but it's a setup that works
> right now.
Typically the PID file would go directly in /run (or /var/run) and be
owned by root. That means that you can't clean it up when the daemon
exits, but no one expects a daemon to do that.
Practically, the PID file exists solely for the benefit of init systems.
Given the choice between,
1. How do I determine if I can trust the contents of this file owned
by an untrusted user?
2. How do I remove the PID file after killing the daemon?
the second is much easier to do. The first is next to impossible to get
right; so if we have to pick one, that's the way to go IMO.
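The pattern the subject line asks for, as an added example in C (this is not slapd's code, and the PID file path, the daemon uid/gid of 1000 and the function names are assumptions): the PID file is created while still root, with a mode the future daemon user cannot write through, and only then are privileges dropped. A read-side check is included to show why the order matters: an init script can only trust the file's contents if it is root-owned and not writable by the service account, which is precisely what creating it after the privilege drop makes impossible.

```c
/* Added example, not part of OpenLDAP: create the PID file before
 * dropping privileges so the unprivileged daemon user cannot rewrite it. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write `pid` to `path`. Mode 0644 means that once we are no longer root
 * we cannot modify the file; O_NOFOLLOW refuses a symlink planted at
 * `path` instead of following it. Returns 0 on success, -1 on error. */
int write_pidfile(const char *path, pid_t pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    ssize_t n = write(fd, buf, (size_t)len);
    int rc = (n == len) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/* Permanently switch to uid/gid. Supplementary groups and the gid must be
 * dropped first: after setuid() we lack the privilege to change them.
 * Only root can clear supplementary groups, so that step is skipped when
 * we are not root. Returns 0 on success, -1 on error. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* The init-script side of the question in the mail: read the PID back, but
 * only if the file is a regular file owned by `expected_owner` (root in a
 * real deployment), writable by nobody else, and contains one positive
 * integer. Returns the PID, or -1 if the file cannot be trusted. */
long read_trusted_pid(const char *path, uid_t expected_owner)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != expected_owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    char buf[32];
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    char *end;
    errno = 0;
    long pid = strtol(buf, &end, 10);
    if (errno != 0 || end == buf || pid <= 0 || (*end != '\n' && *end != '\0'))
        return -1;
    return pid;
}

int main(int argc, char **argv)
{
    /* Path and uid/gid are placeholders; a real daemon takes them from its config. */
    const char *path = argc > 1 ? argv[1] : "./slapd.pid";
    if (write_pidfile(path, getpid()) != 0) { perror("write_pidfile"); return 1; }
    if (geteuid() == 0 && drop_privileges(1000, 1000) != 0) {
        perror("drop_privileges");
        return 1;
    }
    /* From here on the process is unprivileged and can no longer alter the PID file. */
    printf("pid file %s written, now running as uid %ld\n", path, (long)geteuid());
    return 0;
}
```

Run as root with a path under /run to see the intended layout (root-owned file, unprivileged daemon); run as an ordinary user and the read-side check still passes only for the uid that created the file, which is the property the init system relies on.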