Bug#889144: stricter PIDfile handling breaks several daemons
Michael Biebl
biebl at debian.org
Sun Feb 4 16:25:23 GMT 2018
Am 03.02.2018 um 14:35 schrieb Sven Hartge:
> Um 14:00 Uhr am 03.02.18 schrieb Michael Biebl:
>> The alternative afaics would be, that the daemon writes the pid file as
>> munin:munin then (or ulog:ulog for the above case).
>
> No, this would open a potential DoS vector.
>
> Image an attacker gaining access to the munin user. He would then be able
> to write any PID to the PIDfile and the init system would kill the other
> process when the munin-node service is stopped/restarted.
>
I don't think this applies to systemd though. If the process id listed
in the pid file is not found in the service cgroup, systemd should not
kill the process listed in the pid file. I suspect that MainPID will not
be properly set and systemd will complain about it.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20180204/5ac422e0/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list