On Sun, 2004-10-03 at 14:24 -0700, Steve G wrote:
> >a system administrator could accidentally overwrite e.g. the <pidfile>
> >section of /etc/dbus/system.conf when pasting in configuration from elsewhere.
>
> I see what you're talking about. Why is that configurable? All other daemons I've
> audited have it hardcoded either in config.h, a header, or right in the .c files.
>
> find /usr/sbin/ -name '*' -exec strings {} \; | grep \/var\/run
>
> In addition to selinux enhancement, I'd take the pid file configuration out of
> the dbus.conf file. That flexibility just isn't needed and as mentioned, might
> actually be a security risk.
>

It's configurable because the same executable is the system daemon and
the session daemon, they differ by config file. The session daemon has
no pidfile.

The filename could be in config.h though, just not the flag for whether
to write it out.

Havoc