* Carsten Hey [2012-06-04 09:36 +0200]:
> start-stop-daemon should not follow symlinks:
>
> # ls -l /etc/shadow /var/run/foo.pid
> -rw-r----- 1 root shadow 662 Apr 10 12:20 /etc/shadow
> lrwxrwxrwx 1 nobody nogroup 11 Jun 4 06:00 /var/run/foo.pid -> /etc/shadow
> # start-stop-daemon --start --verbose --make-pidfile --pidfile /var/run/foo.pid --exec /bin/true
> Starting /bin/true...
> # ls -l /etc/shadow /var/run/foo.pid
> -rw-r----- 1 root shadow 6 Jun 4 07:32 /etc/shadow
> lrwxrwxrwx 1 nobody nogroup 11 Jun 4 06:00 /var/run/foo.pid -> /etc/shadow

I forgot to clarify that this is _not_ a security problem in Debian since /var/run is only writeable by root. In custom setups it could be a security problem if a directory writeable by the service is used for the pid files.

Carsten
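
The behaviour reported in this message, reproduced in a private temporary directory next to one possible hardening (opening the pidfile with O_NOFOLLOW). This is an added example, not code from the original message or from start-stop-daemon; write_pidfile, run_demo, the file names and the PID 12345 are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define ORIGINAL "original contents, must survive\n" /* constructed sample data */

/* Write "<pid>\n" to path. With nofollow set, open() refuses a symlink as the
 * final path component (ELOOP on Linux). Returns 0 or a negative errno. */
static int write_pidfile(const char *path, long pid, int nofollow)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | (nofollow ? O_NOFOLLOW : 0), 0644);
    if (fd < 0)
        return -errno;
    int rc = write(fd, buf, (size_t)len) == len ? 0 : -EIO;
    close(fd);
    return rc;
}

/* Constructed scenario in a private temp dir: "victim" stands in for /etc/shadow,
 * "foo.pid" is a symlink to it. Returns victim's size after the write, -1 on error. */
static long run_demo(int nofollow, int *rc)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX", victim[64], pidfile[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pidfile, sizeof pidfile, "%s/foo.pid", dir);
    FILE *f = fopen(victim, "w");
    if (f && fputs(ORIGINAL, f) >= 0 && fclose(f) == 0 && symlink(victim, pidfile) == 0) {
        *rc = write_pidfile(pidfile, 12345, nofollow);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(pidfile); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    for (int nofollow = 0, rc = 0; nofollow <= 1; nofollow++) {
        long size = run_demo(nofollow, &rc);
        printf("nofollow=%d rc=%d victim=%ld bytes\n", nofollow, rc, size);
    }
    return 0;
}
```

O_NOFOLLOW only checks the final path component, so the directory holding the pid files still should not be writable by the service.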