Alexander Wirt schrieb am Dienstag, den 10. Mai 2011: > tag 626281 upstream > thanks > > Hi, > > today I got a bugreport about a security problem in keepalived. It seems that > keepalived daemonize code explicitly sets umask(0) which leads to interesting > results: > -rw-rw-rw- 1 root root 6 2010-11-24 00:12 keepalived.pid > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 vrrp.pid > > Readwrite permissions to the pidfile of a daemon is a really bad idea. a > umask of 000 is probably never a good idea. So I think removing that lines > from keepalived/check/check_daemon.c, keepalived/core/daemon.c and > keepalived/vrrp/vrrp_daemon.c. After thinking a little bit longer about it, it maybe makes sense to clear a users umask. But if this is the case, we should explicitly set permissions for the pidfile (and take care we did that for every open..).
Alex -- Alexander Wirt, formo...@formorer.de CC99 2DDD D39E 75B0 B0AA B25C D35B BC99 BC7D 020A -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
