On Tue, 04.05.10 01:30, Joey Hess (jo...@debian.org) wrote:

> Package: avahi-daemon
> Version: 0.6.25-3
> Severity: normal
> Tags: security
>
> /var/run/avahi-daemon/pid is writable by the avahi user. Suppose this
> user is compromised. If the pid is overwritten with a different process
> id, such as 1, /etc/init.d/avahi-daemon stop will go ahead and kill
> that.

Well, I am not too concerned with this issue tbh, given that this file is
both outside the chroot and we set RLIMIT_FSIZE to 0. Which basically
means that from inside Avahi you cannot write any file anyway, and
particularly not that one...

> start-stop-daemon avoids this kind of security flaw by checking
> /proc/pid/exe (when run with -exec), or at least the process name (when
> run with -name). avahi's init script uses avahi -k, which neglects such
> checking.

Well, both those checks can be easily fooled; they in fact do not improve
security.

> Besides the (admittedly unlikely since if you can shell avahi you
> probably have better things to do) security hole, killing a process that
> is stored in a pid file without checking that the pid file is accurate
> is asking for trouble.

PID files are simply broken. We probably shouldn't use them anyway, and
always rely on the bus name instead.

Lennart

--
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
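The two mechanisms discussed above, as an added example that is not code from Avahi, from Debian's start-stop-daemon, or from either participant: a guarded "stop" routine of the kind Joey asks for (it refuses a pid file that names pid 1, a dead pid, junk, or a process whose /proc/PID/exe does not resolve to the expected binary), plus a small reproduction of the RLIMIT_FSIZE=0 mitigation Lennart cites. The names pidfile_target, safe_stop and pidfile_overwrite_blocked, and the expected-binary argument, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not code from Avahi, Debian, or this bug thread).
# A pid-file "stop" routine that refuses to trust the file blindly, plus a
# check of the RLIMIT_FSIZE=0 argument made in the reply.
# pidfile_target, safe_stop and pidfile_overwrite_blocked are made-up names.

# pidfile_target PIDFILE EXPECTED_EXE
# Prints the pid and returns 0 only if all of the following hold:
#   - the first line of the file is exactly one positive integer,
#   - the pid is greater than 1 (never init) and the process exists,
#   - /proc/PID/exe resolves to EXPECTED_EXE (pass the resolved path, as
#     readlink prints it). The link is unreadable for other users' processes
#     unless we are root; an unreadable link counts as "do not kill".
pidfile_target() {
    _pidfile=$1
    _expected=$2
    [ -r "$_pidfile" ] || return 1
    _pid=
    _rest=
    read -r _pid _rest < "$_pidfile" || true     # read fails on a missing newline
    [ -z "$_rest" ] || return 1                  # "123 extra" is not a pid
    case $_pid in
        ''|*[!0-9]*) return 1 ;;                 # empty or not a number
    esac
    [ "$_pid" -gt 1 ] || return 1                # pid 0 and pid 1 are never ours
    [ -d "/proc/$_pid" ] || return 1             # stale pid file, process is gone
    _exe=$(readlink "/proc/$_pid/exe" 2>/dev/null) || return 1
    _exe=${_exe%' (deleted)'}                    # binary replaced by an upgrade
    [ "$_exe" = "$_expected" ] || return 1
    printf '%s\n' "$_pid"
}

# safe_stop PIDFILE EXPECTED_EXE
# Sends SIGTERM only when pidfile_target accepts the file.
safe_stop() {
    _target=$(pidfile_target "$1" "$2") || {
        echo "refusing to stop: $1 does not name a live $2 process" >&2
        return 1
    }
    kill -TERM "$_target"
}

# pidfile_overwrite_blocked PIDFILE
# Reproduces the RLIMIT_FSIZE=0 point: with the soft file-size limit at zero
# (ulimit -f 0), the first byte written raises SIGXFSZ and the writer dies, so
# an attempt to plant "1" in the pid file leaves it empty (creating or
# truncating the file is still allowed; growing it is not).
# Returns 0 if the overwrite was blocked, 1 if content landed.
pidfile_overwrite_blocked() {
    ( ulimit -f 0; printf '1\n' > "$1" ) 2>/dev/null || true
    [ ! -s "$1" ]
}
```

The exe check closes the "pid 1" case from the bug report, but it only proves that some process is running the expected binary; a compromised avahi user who can write the pid file can equally start a second avahi-daemon and point the file at it, which is Lennart's objection. RLIMIT_FSIZE is a per-process limit inherited by children, so it protects against writes from the daemon itself, not from a shell obtained as that uid by some other route; what ultimately matters is whether the file is writable by that uid at all.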