Bug#626281: [Keepalived-devel] Security problem in keepalived's pid handling/daemonize code

Tue, 10 May 2011 12:24:17 -0700 

OoO  Lors de  la soirée  naissante  du mardi  10 mai  2011, vers  17:15,
Alexander Wirt <formo...@debian.org> disait :

>> Readwrite permissions to the pidfile of a daemon is a really bad idea. a
>> umask of 000 is probably never a good idea. So I think removing that lines
>> from keepalived/check/check_daemon.c, keepalived/core/daemon.c and
>> keepalived/vrrp/vrrp_daemon.c. 
> After thinking a little bit longer about it, it maybe makes sense to clear a
> users umask. But if this is the case, we should explicitly set permissions
> for the pidfile (and take care we did that for every open..). 

Yes. Here is a patch. I have checked other invocations of open/fopen and
this was the sole invocation which was faulty.


From 78aac2699469d610b5aa2f45dac4a30bd379938a Mon Sep 17 00:00:00 2001
From: Vincent Bernat <ber...@luffy.cx>
Date: Tue, 10 May 2011 21:17:22 +0200
Subject: [PATCH] Set correct rights on PID file.

This file was writable by anybody, leading to the possibility of
writing any PID an waiting for some admin to restart keepalived to
kill the process of your choice.
---
 keepalived/core/pidfile.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/keepalived/core/pidfile.c b/keepalived/core/pidfile.c
index 383912e..0c3ea33 100644
--- a/keepalived/core/pidfile.c
+++ b/keepalived/core/pidfile.c
@@ -20,6 +20,9 @@
  * Copyright (C) 2001-2011 Alexandre Cassen, <acas...@linux-vs.org>
  */
 
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 #include "logger.h"
 #include "pidfile.h"
 extern char *main_pidfile;
@@ -30,7 +33,9 @@ extern char *vrrp_pidfile;
 int
 pidfile_write(char *pid_file, int pid)
 {
-	FILE *pidfile = fopen(pid_file, "w");
+	FILE *pidfile = NULL;
+	int pidfd = creat(pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+	if (pidfd != -1) pidfile = fdopen(pidfd, "w");
 
 	if (!pidfile) {
 		log_message(LOG_INFO, "pidfile_write : Can not open %s pidfile",
-- 
1.7.5.1


-- 
printk(KERN_ERR "msp3400: chip reset failed, penguin on i2c bus?\n");
        2.2.16 /usr/src/linux/drivers/char/msp3400.c

Attachment: pgp4ofJ2KKCUb.pgp
Description: PGP signature

Reply via email to