oss-sec mailing list archives
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation
From: Simon McVittie <smcv () debian org>
Date: Mon, 11 Sep 2017 21:21:42 +0100
On Mon, 11 Sep 2017 at 15:58:45 -0400, Michael Orlitzky wrote:
With OpenRC we get to cheat a little, because we always have the option to run the daemon in the foreground and supervise it.
For SysV, if you don't need readiness-notification (for daemons that other daemons don't depend on, so the ones where Type=simple would be acceptable in a systemd unit) then Debian's start-stop-daemon can provide the daemonization, and create a pid file if desired. This isn't proper supervision, but does give the ability to write the daemon as though it relied on being supervised. start-stop-daemon is shipped as part of dpkg for historical reasons, but I doubt it changes very often. If SysV init script writers wanted to spin it off into a separate upstream project, then it could perhaps eventually become non-Essential in Debian (since it isn't necessary if a machine boots with systemd and all the daemons on that machine have native systemd units), and that seems like a potential win for everyone? (Also, one of the most vocally SysV-based distributions is a Debian derivative, so they have start-stop-daemon anyway.) S
Current thread:
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation, (continued)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Aug 16)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 18)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 06)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 18)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Aug 16)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 11)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 11)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation kseifried () redhat com (Sep 11)