On Mon, 4 Oct 2004 03:37, Steve G <linux_4ever@xxxxxxxxx> wrote:
> >There's still the general problem with discretionary access control here
> >too - A simple misconfiguration for one of the daemons before it
> >drops root privileges could cause it to overwrite the pid file for
> >another daemon, violating the system security policy.
>
> I haven't seen this, you'd have to code an exploit just for it. But what I

I believe that the vast majority of exploits are created just for one
particular bug.  Also there have been bugs related to problems in dropping
privs, see the following URL for one example:
http://www.ale.org/archive/ale/ale-2000-06/msg00065.html

I recall that in late 2002 there was a game which had a security hole whereby
corrupt game data could exploit a program that was started at boot as root,
unfortunately I can't find the details.

> do see is daemons that crash leaving a pid file. Sooner or later a pid will
> match what's in the pid file and can be killed by mistake. (root is usually
> the only one that can do this.) I don't think this was mentioned so far in
> this thread. But this is the real problem that people run across more often
> wrt pid files, not overwriting a neighboring one.

The solution to this is to check the executable name as well as the PID before
killing.  For SE Linux we will probably eventually want to go further and
either check the process context or run the kill command in the same domain as
the daemon.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
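As an added illustration of the stale pid file check discussed in this message (example code, not from the thread or any project), a POSIX shell function that compares the kernel's /proc/<pid>/comm entry with the expected daemon name before signalling. The function names, the PIDFILE_PID variable and the optional proc-root argument (only there so the check can be exercised against a constructed fake /proc tree) are my own.

```shell
#!/bin/sh
# Constructed example: before acting on a daemon's pid file, confirm that the
# process currently holding that PID is the executable we expect.  A daemon
# that crashed leaves its pid file behind; once the kernel reuses the number,
# a blind "kill $(cat pidfile)" hits an unrelated process.

# pidfile_check <pidfile> <expected-comm> [proc-root]
# Returns 0 if the pid file names a live process whose comm (the kernel's
# 15-character executable basename) matches, 1 if the file is stale, 2 if the
# file is missing or malformed.  The parsed pid is left in PIDFILE_PID.
pidfile_check() {
    pidfile=$1
    expected=$2
    procroot=${3:-/proc}
    [ -r "$pidfile" ] || return 2
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 2 ;;   # empty or not a number: malformed
    esac
    PIDFILE_PID=$pid
    # /proc/<pid>/comm disappears with the process: no entry means stale.
    [ -r "$procroot/$pid/comm" ] || return 1
    actual=$(cat "$procroot/$pid/comm")
    # comm is truncated to 15 characters by the kernel, so compare on that.
    # Note this still passes for a different process with the same name;
    # that is the gap the SE Linux context check mentioned above would close.
    [ "$actual" = "$(printf '%.15s' "$expected")" ] || return 1
    return 0
}

# safe_kill_daemon <pidfile> <expected-comm> [proc-root]
# Signal the daemon only when the check passes; on a stale file, remove it
# instead of signalling whatever process now owns the number.
safe_kill_daemon() {
    rc=0
    pidfile_check "$1" "$2" "$3" || rc=$?
    case $rc in
        0) kill "$PIDFILE_PID" ;;
        1) echo "stale pid file $1 (pid $PIDFILE_PID is not $2), removing" >&2
           rm -f "$1"
           return 1 ;;
        *) echo "no usable pid file at $1" >&2
           return 2 ;;
    esac
}
```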