OoO Vers la fin de l'après-midi du mardi 10 mai 2011, vers 16:52, Alexander Wirt <formo...@debian.org> disait :
> today I got a bugreport about a security problem in keepalived. It seems that > keepalived daemonize code explicitly sets umask(0) which leads to interesting > results: > -rw-rw-rw- 1 root root 6 2010-11-24 00:12 keepalived.pid > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 keepalived.pid > -rw-rw-rw- 1 root root 5 2011-02-08 13:00 vrrp.pid > Readwrite permissions to the pidfile of a daemon is a really bad idea. a > umask of 000 is probably never a good idea. So I think removing that lines > from keepalived/check/check_daemon.c, keepalived/core/daemon.c and > keepalived/vrrp/vrrp_daemon.c. Hi! umask(0) is a classic way to daemonize a processus. See: http://www.unixguide.net/unix/programming/1.7.shtml The problem is with fopen() that does not allow to set a mode. Maybe we should use creat() before fopen()? -- BOFH excuse #26: first Saturday after first full moon in Winter
pgpHTpN4V2GFy.pgp
Description: PGP signature
