[Pkg-clamav-devel] Bug#580188: pid file attacks can be used to kill arbitrary processes

Joey Hess joeyh at debian.org
Tue May 4 06:05:45 UTC 2010


Package: clamav
Version: 0.63.0-2
Severity: normal
Tags: security

The pid files for clamav and freshclam are writable by user clamav.
If that user is compromised, it can replace the pid file contents
with an arbitrary pid, such as 1. Then both init scripts will proceed
to kill the process.

start-stop-daemon avoids this kind of security flaw by checking
/proc/pid/exe (when run with -exec), or at least the process name (when
run with -name). Neither init script uses it. The lsb init script
pidofproc does not do those checks on Debian at least.

Besides the potential security hole, killing a process that
is stored in a pid file without checking that the pid file is accurate
is asking for trouble. Things go wrong, and pid files, stale.

-- 
see shy jo
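
Added example, not part of the original report or of the clamav packaging: a POSIX sh version of the /proc/pid/exe check the report describes, which an init script could run before signalling a pid taken from a pid file. The function names and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to signal a pid from a pid file unless
# /proc/<pid>/exe resolves to the daemon binary we expect.

# Print the pid stored in $1, or fail if it is not a plain decimal pid > 1.
pid_from_file() {
    pid=
    IFS= read -r pid < "$1" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty, or anything other than digits
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || return 1   # never pid 0 or init
    printf '%s\n' "$pid"
}

# Print the pid only if it currently runs the executable named in $2.
verified_pid() {
    expected=$2
    pid=$(pid_from_file "$1") || return 1
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || return 1
    exe=${exe% (deleted)}          # binary replaced on disk by an upgrade
    [ "$exe" = "$expected" ] || return 1
    printf '%s\n' "$pid"
}

# Send SIGTERM only to a verified pid. The pid can still be reused between
# the check and the kill; the check narrows that window, it does not close it.
safe_stop() {
    pid=$(verified_pid "$1" "$2") || {
        echo "refusing to signal: $1 does not point at $2" >&2
        return 1
    }
    kill -TERM "$pid"
}

# Usage (paths are assumptions, adjust to the package's layout):
#   safe_stop /var/run/clamav/clamd.pid /usr/sbin/clamd
```

Reading /proc/pid/exe requires running as root or as the owner of the target process, which holds for an init script.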




