[Pkg-utopia-maintainers] Bug#580183: Bug#580183: pid file attack can be used to kill arbitrary processes

Joey Hess joeyh at debian.org
Wed Jul 7 23:08:34 UTC 2010


Michael Biebl wrote:
> given Lennart's explanations, are you ok with closing the bug report or do you see a
> point in keeping it open?

Since one of my pet frustrations is random people pushing their pet
change with some mantra like "security in depth" -- I don't feel that
it's my place to make that decision.

Lennart Poettering wrote:
> PID files are simply broken. We probably shouldn't use them anyway, and
> always rely on the bus name instead.

And the current situation is that, in Debian, avahi currently uses a pid
file without even the arguably broken checks that start-stop-daemon makes.
And, even if systemd eventually solves the problem for avahi, Debian has
architectures where systemd will probably never run, but avahi does.

-- 
see shy jo
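
The kind of pid-file sanity check the message refers to, as an added example that is not part of the original e-mail and is not avahi's or start-stop-daemon's code: before signalling, confirm the pid file could only have been written by a trusted user and that the PID it names is running the expected binary. The function name, the `/usr/sbin/avahi-daemon` path, the PIDs and the fake `/proc` tree are constructed for the demonstration.

```python
import os, stat, tempfile

def pid_safe_to_signal(pidfile, expected_exe, trusted_uids=(0,), proc_root="/proc"):
    """Return the PID from pidfile if it passes the checks, else None."""
    try:
        # O_NOFOLLOW: refuse a pid file that is a symlink planted by someone else.
        fd = os.open(pidfile, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return None
    with os.fdopen(fd) as f:
        st = os.fstat(f.fileno())
        # Only trust a regular file that untrusted users could not have written.
        if not stat.S_ISREG(st.st_mode) or st.st_uid not in trusted_uids:
            return None
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return None
        try:
            pid = int(f.read(32).strip())
        except ValueError:
            return None
    if pid <= 1:  # never signal init or a process group
        return None
    try:
        # Compare the running binary with the daemon we expect to find.
        exe = os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except OSError:
        return None  # no such process, or not allowed to inspect it
    # Still racy: the PID can be recycled between this check and the kill.
    return pid if exe == expected_exe else None

def demo():
    """Run the check against a constructed pid file and a fake /proc tree."""
    me, daemon = os.getuid(), "/usr/sbin/avahi-daemon"
    with tempfile.TemporaryDirectory() as d:
        for pid, exe in (("4242", daemon), ("4243", "/usr/sbin/sshd")):
            os.makedirs(os.path.join(d, "proc", pid))
            os.symlink(exe, os.path.join(d, "proc", pid, "exe"))
        def check(content, mode=0o644):
            path = os.path.join(d, "daemon.pid")
            with open(path, "w") as f:
                f.write(content)
            os.chmod(path, mode)
            return pid_safe_to_signal(path, daemon, (me,), os.path.join(d, "proc"))
        return {"genuine": check("4242\n"), "other_process": check("4243\n"),
                "world_writable": check("4242\n", 0o666), "init": check("1\n"),
                "garbage": check("not-a-pid\n")}

if __name__ == "__main__":
    print(demo())
```

The comment about PID recycling is the reason such checks remain arguable: they narrow the window for signalling the wrong process but cannot close it.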