[pkg-uWSGI-devel] Bug#1128380: uwsgi[-core] insecure PID file work-around (at least for use under mailman3-web)
Alexandre Rossi
niol at zincube.net
Sun Feb 22 09:27:29 GMT 2026
Control: forwarded -1 https://github.com/unbit/uwsgi/pull/2752
Hi,
> The issue is uwsgi[-core] at least with it insecurely
> creating the PID file. It explicitly calls umask(0),
> changing the umask to 0[00] before creating the PID file.
It's a combination of --pidfile and --daemonize that is required to trigger
the problem.
Workaround is to use --umask.
> > uwsgi does not try to mess with umask of existing pidfiles. Should it? I'm
> > not sure how this is used by external scripts... My guess is that scripts
> > using uwsgi --pidfile should set umask as they wish and correctly cleanup
> > left over pidfiles if uwsgi crashes.
>
> Problem is when uwsgi creates the PID file, it creates it insecurely,
> even if a secure umask is set before it's invoked.
> My work-around pre-creates the PID file, as you're correct that
> uwsgi doesn't change permissions on the file if it already exists.
>
> > systemd users are clearly not concerned, not using pidfiles in default
> > conf.
>
> Yes, for those using systemd it might partially or entirely mask the
> issue.
>
> > Conclusion: I think mailman3-web needs fixing, maybe removing exiting pidfiles
>
> Sorry, I beg to differ on that. It's uwsgi that's insecurely creating PID file.
> mailman3-web is but one package that uses uwsgi[-core], and
> uwsgi[-core] may similarly impact other packages. Shouldn't really have to play
> whack-a-mole implementing work-around for uwsgi issue in ever package that
> does or may come to use uwsgi. :-)
Ack, I proposed a fix upstream.
Thanks,
Alex
More information about the pkg-uWSGI-devel
mailing list