Take a look in /var/run. Find a pid file that is owned by a non-root user. Now, look at the corresponding init script. What does it stop if that non-root user edited the pid file to contain '1'?
I surveyed 20-odd daemons, and found 5 with this problem. This is a pity, because start-stop-daemon has been able to guard against this problem since its inception, by using the --exec or --name switches to ensure that the process it stops is actually the daemon in question. Of the scripts surveyed, one used start-stop-daemon without either switch; others used things like pidofproc from the LSB init functions, which does not do such checks, or asked the daemon to kill itself, and it didn't check. As security problems go, being able to DOS a system by killing targeted processes, slowly, is not very bad. After all, it could be fork bombed or OOMed just as effectively. Security aside, there's an overall correctness issue: There's the chance that a daemon will unexpectly die, and its PID be reused by an unrelated process, which is later incorrectly stopped. There is room for improvement here; perhaps the developer's reference should document best practices of using start-stop-daemon --stop --exec or --name. -- see shy jo, who has the feeling he wrote something similar a decade ago, *sigh*
signature.asc
Description: Digital signature