Hey, it was reported that keepalived (and some other daemons) store their pid file with permission 666. A bug was opened for keepalived in Debian, could a CVE be assigned to the issue?
Bug text was:

On Tue, 2011-05-10 at 16:33 +0200, Martin Zobel-Helas wrote:
> Package: keepalived
> Version: 1.1.12-1
> Severity: grave
> Tags: security
>
> Hi,
>
> keepalive writes a public writeable pid file to /var/run
>
> -rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid
>
> Cheers,
> Martin
>
>
> reference:
> http://lists.debian.org/05578bff-44fc-41b3-9e8e-c11b5b9a6...@gmail.com

Thanks,
--
Yves-Alexis
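The permission problem reported above, next to a hardened way to create the file, as an added example (not keepalived's code and not part of the original message). It assumes the 666 mode comes from a daemon clearing its umask before creating the file with fopen(), which the message does not state; the function names and the temporary path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L /* dprintf, mkdtemp, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (assumed cause): umask cleared, so fopen() creates 0666. */
static int pidfile_write_weak(const char *path)
{
    mode_t old = umask(0);
    FILE *f = fopen(path, "w");
    umask(old);
    if (!f) return -1;
    fprintf(f, "%d\n", (int)getpid());
    return fclose(f);
}

/* Hardened: explicit 0644 and no symlink following on the final component. */
static int pidfile_write_hardened(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    /* open() keeps an existing file's mode, so enforce 0644 on the fd itself. */
    int rc = (fchmod(fd, 0644) == 0 && dprintf(fd, "%d\n", (int)getpid()) > 0) ? 0 : -1;
    return close(fd) == 0 ? rc : -1;
}

/* Run the chosen writers on one file in a private temp dir; return mode bits or -1. */
int pidfile_demo_mode(int run_weak, int run_hardened)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX", path[64];
    struct stat st;
    int ok = 1, mode = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/demo.pid", dir);
    if (run_weak) ok = ok && pidfile_write_weak(path) == 0;
    if (run_hardened) ok = ok && pidfile_write_hardened(path) == 0;
    if (ok && stat(path, &st) == 0) mode = (int)(st.st_mode & 0777);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("weak %04o, hardened %04o, weak then hardened %04o\n",
           pidfile_demo_mode(1, 0), pidfile_demo_mode(0, 1), pidfile_demo_mode(1, 1));
    return 0;
}
```

The third case shows why the explicit fchmod() matters: a pid file left world-writable by an earlier run is not fixed by the mode argument of open() alone.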