thr3ads.net - Secure testing team - [Secure-testing-team] Bug#626281: pid file has wrong permissions [May 2011]

If this information is useful, please help other people find it:
Share via:

Martin Zobel-Helas

2011-May-10 14:33 UTC

[Secure-testing-team] Bug#626281: pid file has wrong permissions

Package: keepalived
Version: 1.1.12-1
Severity: grave
Tags: security

Hi,

keepalive writes a public writeable pid file to /var/run

-rw-rw-rw-  1 root     root        5 2011-02-08 13:00 keepalived.pid

Cheers,
Martin


reference: http://lists.debian.org/05578BFF-44FC-41B3-9E8E-C11B5B9A6C11 at
gmail.com
-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
 Martin Zobel-Helas <zobel at debian.org>  | Debian System Administrator
 Debian & GNU/Linux Developer           |           Debian Listmaster
 GPG key http://go.debian.net/B11B627B  | 
 GPG Fingerprint:  6B18 5642 8E41 EC89 3D5D  BDBB 53B1 AC6D B11B 627B

Secure testing team - May 2011 - Bug#626281: pid file has wrong permissions

[Secure-testing-team] Bug#626281: pid file has wrong permissions