[Python-modules-team] Bug#631912: pyro: pidfile in /tmp, opened insecurely
Julien Cristau
julien.cristau at logilab.fr
Tue Jun 28 08:41:31 UTC 2011
Package: pyro
Version: 3.9.1-1
Severity: grave
Tags: security
Justification: user security hole
class Daemonizer:
    [...]
    def __init__(self, pidfile=None):
        if not pidfile:
            self.pidfile = "/tmp/%s.pid" % self.__class__.__name__.lower()
        else:
            self.pidfile = pidfile
    [...]
    def daemon_start(self, start_as_daemon=1):
        if start_as_daemon:
            self.become_daemon()
        if self.is_process_running():
            msg = "Unable to start server. Process is already running."
            raise DaemonizerException(msg)
        f = open(self.pidfile, 'w')
        f.write("%s" % os.getpid())
        f.close()
        self.main_loop()
and:
class NSD(Daemonizer):
    def __init__(self):
        Daemonizer.__init__(self)
    def main_loop(self):
        Pyro.naming.main(sys.argv[1:])

if __name__ == "__main__":
    NSD().process_command_line(sys.argv)
results in root opening /tmp/nsd.pid on startup.
Cheers,
Julien
-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pyro depends on:
ii python 2.6.6-3+squeeze6 interactive high-level object-orie
ii python-support 1.0.10 automated rebuilding support for P
pyro recommends no packages.
Versions of packages pyro suggests:
pn pyro-doc <none> (no description available)
pn pyro-gui <none> (no description available)
-- no debconf information
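A hardened pidfile writer for the pattern reported above, added here as an illustrative example; it is not Pyro's code and not part of the bug report. The Python 3 function `write_pidfile_secure`, the `PidfileError` name and the constructed temp-dir scenario in `demo()` are assumptions of this example: it refuses a world-writable directory such as /tmp and refuses to follow or overwrite a pre-existing path, which is what `open(self.pidfile, 'w')` in `daemon_start()` does not do.

```python
import os
import stat
import tempfile

class PidfileError(Exception):
    """The pidfile location or path cannot be trusted."""

def write_pidfile_secure(path, pid=None):
    """Create `path` as a new regular file without ever following a symlink."""
    pid = pid or os.getpid()
    # Unlike the reported open(self.pidfile, 'w'), refuse a directory that
    # others can write to (such as /tmp): a root-owned run dir is expected.
    directory = os.path.dirname(os.path.abspath(path))
    if os.stat(directory).st_mode & stat.S_IWOTH:
        raise PidfileError("%s is world-writable" % directory)
    # O_EXCL: fail if anything exists there already (a dangling symlink included).
    # O_NOFOLLOW: never traverse a symlink at the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o644)
    except OSError as e:
        raise PidfileError("refusing to create %s: %s" % (path, e.strerror))
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PidfileError("%s is not a regular file" % path)
        os.write(fd, ("%d\n" % pid).encode())
    finally:
        os.close(fd)
    return pid

def demo():
    """Constructed scenario in a private temp dir; returns each outcome."""
    base = tempfile.mkdtemp()                       # created with mode 0700
    good = os.path.join(base, "nsd.pid")
    write_pidfile_secure(good, pid=4242)
    with open(good) as f:
        outcomes = {"wrote": int(f.read())}
    link = os.path.join(base, "planted.pid")
    os.symlink(os.path.join(base, "victim"), link)  # dangling link under a pidfile name
    public = os.path.join(base, "public")
    os.mkdir(public)
    os.chmod(public, 0o1777)                        # same mode bits as /tmp
    for name, target in (("link", link), ("dir", os.path.join(public, "nsd.pid"))):
        try:
            write_pidfile_secure(target, pid=1)
            outcomes[name] = "written"
        except PidfileError:
            outcomes[name] = "refused"
    return outcomes
```

The fix in the package itself is simpler still: default the pidfile to a directory only root can write to (e.g. under /var/run) rather than /tmp, and keep the O_EXCL/O_NOFOLLOW open as defence in depth.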