
Re: (ITS#8703) slapd should create its PID file before dropping privileges



On 09/06/2017 08:29 AM, Howard Chu wrote:
> 
>> 4. Someone compromises the daemon, which sits on the open network.
> 
> Nobody compromises slapd from the network. There are no buffer overflow 
> vulnerabilities, there are no RCE vulnerabilities.
> 

Oh, it's one of /those/ daemons.


>>
>> 6. I run "/etc/init.d/slapd stop" to stop the daemon while I investigate
>>    the weird behavior resulting from the hack.
> 
> Even if that were possible, it's clearly a bug in the init script, which 
> failed to check that the process with that PID was the process it was 
> expecting to find. Note that this is something any init script needs to do 
> anyway, since PID files can go stale and some other process may be using the 
> PID by the time you reference the file.

Have you ever seen such an init script?

How should the init system know what process it was expecting to find,
if not by reading that process's PID from the PID file?

If you decide not to write the PID file as root, that's of course up to
you, but I still have to tell something to the people who ship OpenLDAP
as part of their distributions. I can tell them "Howard says it should
be easy," but considering that no one has ever done it, that's not real
helpful advice.

There are only two requirements really: it needs to be portable POSIX
sh, and the stop() function must only kill the one process created by
start(). If you give that a shot, you might see why I suggested that
this be fixed in slapd.
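
Added example (not part of the original message, and not OpenLDAP's or any distribution's init script): the check described in the quoted reply, confirming which process is behind the PID, combined with a check that the PID file and its directory could only have been written by the expected account. The function names, the expected-uid argument and the requirement that paths be absolute are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical. Paths must be absolute.

# locked_to_uid PATH UID: PATH is owned by UID and not group/other writable.
locked_to_uid() {
    [ ! -L "$1" ] || return 1            # a symlink could point anywhere
    # POSIX has no stat(1); with -n the first ls fields are mode, links, uid.
    read -r mode _links uid _rest <<EOF
$(ls -lnd "$1" 2>/dev/null)
EOF
    [ "$uid" = "$2" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;  # group- or other-writable
    esac
    return 0
}

# trusted_pid FILE UID: print the PID only if neither FILE nor its directory
# could have been modified by an account other than UID.
trusted_pid() {
    [ -f "$1" ] || return 1
    locked_to_uid "$1" "$2" || return 1
    locked_to_uid "$(dirname "$1")" "$2" || return 1
    pid=$(cat "$1") || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;         # digits only, nothing else
    esac
    [ "${#pid}" -le 10 ] || return 1
    [ "$pid" -gt 1 ] || return 1         # never signal PID 0 or 1
    printf '%s\n' "$pid"
}

# pid_is_command PID NAME: the process at PID currently has command name NAME.
# A name match is a heuristic, and the PID can still be reused between this
# check and the kill.
pid_is_command() {
    comm=$(ps -p "$1" -o comm= 2>/dev/null) || return 1
    [ "${comm##*/}" = "$2" ]
}

# safe_stop FILE UID NAME: signal only a PID that passes both checks.
safe_stop() {
    pid=$(trusted_pid "$1" "$2") || return 1
    pid_is_command "$pid" "$3" || return 1
    kill -TERM "$pid"
}
```

Called with an expected uid of 0, safe_stop refuses a PID file owned by the daemon's unprivileged account; called with that account's uid, it accepts whatever PID that account wrote, subject only to the name comparison.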