chmod of some pidfiles
Jille
jille at quis.cx
Wed Apr 16 13:24:00 UTC 2008
Can you flock a file that is readonly for your user ?
It doesn't make sense, it would allow a lot of (local) Denial of
Services, I think ?
Kostik Belousov schreef:
> On Wed, Apr 16, 2008 at 03:12:03PM +0200, Jille wrote:
>> Hello,
>>
>> Today I found out some pidfiles of 'system daemons', have a 'weird' chmod.
>>
>> [quis at istud ~]$ ls -l /var/run/cron.pid
>> -rw------- 1 root wheel 4 Mar 1 19:25 /var/run/cron.pid
>>
>> Can somebody tell me why it is 0600 ?
>> I don't think it will harm if it is 0644 ?
>>
>> I think this is only useful if the security.bsd.see_other_uids sysctl is
>> set to 0.
>
> They are 0600 so that the advisory locking works reliably on them.
> More details:
> the daemons flock() the pidfile to indicate that it is alive. Any other
> process may lock the file that can be opened for reading. Having more
> permissive mode would allow anybody to lock the pidfile, falsely indicating
> that the daemon is still alive, while it in fact died.
More information about the freebsd-current
mailing list