On 2010-05-04, Salvo Tomaselli <tipos...@tiscali.it> wrote:
> On Tuesday 04 May 2010 08:25:25 Joey Hess wrote:
>> Take a look in /var/run. Find a pid file that is owned by a non-root
>> user. Now, look at the corresponding init script. What does it stop if
>> that non-root user edited the pid file to contain '1'?
> The fact that they are not owned by root doesn't mean you can edit them, they
> would probably be owned by a specific user for that daemon and will not have
> write access for others.

So if I trick the daemon to write 1 to that file it's ok? Sure, tricking a
program into doing something the admin didn't intend is a bug in itself, still
we shouldn't leave that hole open. (Putting the PID file a-w might help with
that, though, no?)

Kind regards,
Philipp Kern
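
The failure mode discussed in this thread, seen from the init script's side: an added example, not part of the original message or of any Debian init script, showing a stop routine that treats the pid file's content as untrusted. The function name `pid_from_file`, its arguments, and the daemon paths in the usage comment are hypothetical; it assumes a Linux `/proc`.

```shell
#!/bin/sh
# pid_from_file PIDFILE EXPECTED_EXE
# Prints the PID and returns 0 only when PIDFILE holds a single decimal
# number greater than 1 AND that process is running EXPECTED_EXE.
# Anything else (pid 1, garbage, a different program) returns 1.
pid_from_file() {
    pidfile=$1
    expected_exe=$2

    # Must be a regular file, not a symlink planted under the same name.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1

    # Only the first line is considered; a missing trailing newline is fine.
    pid=
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1

    # Digits only, no leading zero, at most 7 digits (Linux pid_max limit).
    case $pid in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#pid}" -le 7 ] || return 1

    # Never hand back init, whatever the file says.
    [ "$pid" -gt 1 ] || return 1

    # The process must actually be the daemon we intend to stop.
    actual_exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || return 1
    [ "$actual_exe" = "$expected_exe" ] || return 1

    printf '%s\n' "$pid"
}

# Usage inside a stop routine (paths are placeholders):
#   if pid=$(pid_from_file /var/run/exampled.pid /usr/sbin/exampled); then
#       kill -TERM "$pid"
#   else
#       echo "refusing to signal: pid file content not trusted" >&2
#   fi
```

The check narrows the window but does not close it: the PID can still be reused between validation and `kill`, so this complements, rather than replaces, keeping the pid file unwritable by the daemon's user.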