On Mon, 4 Oct 2004 03:37, Steve G <linux_4ever(a)yahoo.com> wrote:
> >There's still the general problem with discretionary access control here
> >too - A simple misconfiguration in for one of the daemons before it
> >drops root privileges could cause it to overwrite the pid file for
> >another daemon, violating the system security policy.
>
> I haven't seen this, you'd have to code an exploit just for it. But what I

I believe that the vast majority of exploits are created just for one
particular bug.

Also there have been bugs related to problems in dropping privs, see the
following URL for one example:
http://www.ale.org/archive/ale/ale-2000-06/msg00065.html

I recall that in late 2002 there was a game which had a security hole whereby
corrupt game data could exploit a program that was started at boot as root,
unfortunately I can't find the details.

> do see is daemons that crash leaving a pid file. Sooner or later a pid will
> match what's in the pid file and can be killed by mistake. (root is usually
> the only one that can do this.) I don't think this was mentioned so far in
> this thread. But this is the real problem that people run across more often
> wrt pid files, not overwriting a neighboring one.

The solution to this is to check the executable name as well as the PID before
killing. For SE Linux we will probably eventually want to go further and
either check the process context or run the kill command in the same domain
as the daemon.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
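
One way to implement the check described in the reply above (executable name as well as PID, with an optional SELinux process context), as an added example that is not part of the original message or any project's init scripts. It reads `/proc/PID/exe` and `/proc/PID/attr/current`; the `PROC_ROOT` override and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. PROC_ROOT is a hypothetical override so
# the check can be exercised against a constructed /proc-like directory.
PROC_ROOT="${PROC_ROOT:-/proc}"

# pid_from_file FILE: print the PID only if the first line is an integer > 1.
# Rejecting 0, 1 and non-numeric text matters because kill treats 0 and
# negative arguments as process groups rather than single processes.
pid_from_file() {
    [ -f "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d ' \t\r\n')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1
    printf '%s\n' "$pid"
}

# pid_is_daemon PID EXE [CONTEXT]: succeed only if PID currently runs EXE and,
# when CONTEXT is given, carries that SELinux process context.
# A binary replaced on disk shows up as "EXE (deleted)" and is refused here.
pid_is_daemon() {
    exe=$(readlink "$PROC_ROOT/$1/exe" 2>/dev/null) || return 1
    [ "$exe" = "$2" ] || return 1
    [ -z "${3:-}" ] && return 0
    [ -r "$PROC_ROOT/$1/attr/current" ] || return 1
    ctx=$(tr -d '\000\n' < "$PROC_ROOT/$1/attr/current")
    [ "$ctx" = "$3" ]
}

# safe_kill PIDFILE EXE [CONTEXT]: send TERM only to a verified daemon.
# Returns 2 for an unusable pid file, 3 for a stale one (PID gone or reused).
safe_kill() {
    pid=$(pid_from_file "$1") || { echo "unusable pid file: $1" >&2; return 2; }
    if ! pid_is_daemon "$pid" "$2" "${3:-}"; then
        echo "stale pid file $1: pid $pid is not $2" >&2
        return 3
    fi
    # A small window remains between this check and the signal being sent.
    kill -TERM "$pid"
}
```

A stale pid file whose number has been reused by an unrelated process makes `safe_kill` return 3 without sending any signal.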