cvs commit: src/lib/libutil pidfile.3
rwatson at FreeBSD.org
Mon Sep 19 03:48:43 PDT 2005
On Mon, 19 Sep 2005, Jeremie Le Hen wrote:
>>> FreeBSD src repository
>>> Modified files:
>>> lib/libutil pidfile.3
>>> Pidfiles should be created with permission preventing users from
>>> them for reading. When user can open file for reading, he can also
>>> flock(2) it, which can lead to confusions.
>> This means that a monitoring tool would need to run with elevated
>> privileges to determine the PID of the process to monitor, correct?
> I can't see what's the problem with disclosing daemons' PID to all
> users, given they won't be able to signal it or such anyway.
The problem isn't with revealing the pid, it's with allowing arbitrary
access to the pidfile. Specifically, a malicious reader can open the file
and acquire a lock on it, preventing the program or monitoring tools from
acquiring a lock, which they try to do unconditionally as part of their
activities. This is a hard-to-address issue, since sometimes you want
locking to span users, and sometimes you don't. The only preventative
measure, should one care enough, is to prevent untrusted parties from
being able to open the file.
Robert N M Watson
More information about the cvs-all