On 19.02.21 at 21:05, Frank Thommen wrote:
> Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote on 19.02.2021 15:44:
>> On Fri, 19.02.21 15:12, Frank Thommen (systemd-devel@xxxxxxxxxxxxxxxx) wrote:
>>> Dear all,
>>> I am experiencing the issue that an unprivileged user can kill
>>> root-owned processes by changing a service's PIDFile.
>> The file referenced by PIDFile= should not be under control of an
>> unpriv user.
>> v219 is more than 5 years old. Since then we have tightened controls:
> I am aware of this, but unfortunately for the time being we are stuck with this version (CentOS 7.4)

I have yet to see a real-world use case which needs "PIDFile=" at all -
systemd kills everything in the cgroup anyway at stop

I even start mariadb with --pid-file=/dev/null and without "mysqlsafe"
for years to get rid of all that shit

Not a single service has used "PIDFile=" for years here, and frankly I
even forked systemd units only to get rid of that nonsense from the 1990s
systemd-devel mailing list
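As an added illustration (not code from this thread or from systemd itself), a Python check in the spirit of the tightened controls Lennart refers to: before a stop action trusts a PIDFile=, verify the file's ownership and mode and confirm that the PID actually lives in the unit's own cgroup, otherwise refuse and let the cgroup-based kill do the work. The fake /proc layout, the cgroup names, the `trusted_uids` parameter and the exact rule set are assumptions for the demo.

```python
import os
import stat
import tempfile
from pathlib import Path
class UntrustedPidFile(Exception):
    """The PIDFile= cannot be trusted; fall back to killing the unit's cgroup."""
def read_trusted_pid(pidfile, unit_cgroup, proc_root="/proc", trusted_uids=(0,)):
    """Return the PID in `pidfile` only if the file is regular, owned by a trusted UID,
    not group/world writable, holds one PID > 1, and /proc/<pid>/cgroup shows that PID
    inside `unit_cgroup`; else raise. Assumed checks in the thread's spirit, not systemd's."""
    p = Path(pidfile)
    st = p.lstat()  # lstat: a symlink planted at the PID file path is rejected
    if not stat.S_ISREG(st.st_mode):
        raise UntrustedPidFile(f"{pidfile}: not a regular file")
    if st.st_uid not in trusted_uids:
        raise UntrustedPidFile(f"{pidfile}: owner uid {st.st_uid} is not trusted")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UntrustedPidFile(f"{pidfile}: writable by group or others")
    text = p.read_text().strip()
    if not text.isdigit() or (pid := int(text)) <= 1:
        raise UntrustedPidFile(f"{pidfile}: {text!r} is not an acceptable PID")
    try:
        lines = (Path(proc_root) / str(pid) / "cgroup").read_text().splitlines()
    except FileNotFoundError:
        raise UntrustedPidFile(f"pid {pid} does not exist") from None
    want = unit_cgroup.rstrip("/")
    for line in lines:  # v2: "0::/system.slice/x.service"; v1: "N:name=systemd:/..."
        parts = line.split(":", 2)
        if len(parts) == 3 and parts[1] in ("", "name=systemd") and (
                parts[2] == want or parts[2].startswith(want + "/")):
            return pid
    raise UntrustedPidFile(f"pid {pid} is outside {unit_cgroup}; refusing to act on it")

def demo():
    """Constructed fixture: a fake /proc with two processes and two PID files."""
    root = Path(tempfile.mkdtemp())
    for pid, cg in ((4242, "/system.slice/app.service"), (777, "/system.slice/sshd.service")):
        (root / "proc" / str(pid)).mkdir(parents=True)
        (root / "proc" / str(pid) / "cgroup").write_text(f"0::{cg}\n")
    good, bad = root / "app.pid", root / "tampered.pid"
    good.write_text("4242\n"); good.chmod(0o644)
    bad.write_text("777\n"); bad.chmod(0o644)  # names a process of a different unit
    me = (os.getuid(),)  # demo runs unprivileged: trust our own uid in place of root
    ok = read_trusted_pid(good, "/system.slice/app.service", root / "proc", me)
    try:
        read_trusted_pid(bad, "/system.slice/app.service", root / "proc", me); rejected = None
    except UntrustedPidFile as e:
        rejected = str(e)
    return ok, rejected
```

On a real host the same function would be called with the unit's cgroup path from `/sys/fs/cgroup` and the default `trusted_uids=(0,)`, so a PID file an unprivileged user can rewrite is ignored instead of steering a kill at an unrelated root-owned process.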