[Mimedefang] Privilege escalation via PID file manipulation

Michael Orlitzky michael at orlitzky.com
Thu Aug 31 12:11:05 EDT 2017


On 08/31/2017 11:55 AM, Dianne Skoll wrote:
> 
>> You'll have to forgive the stupid question since I'm not a regular
>> user of MIMEDefang, but what's the purpose of the file lock? Is it to
>> prevent multiple daemons from running at the same time when they're
>> not managed by an init system?
> 
> Yep.  In the days of systemd and the like, this is probably not
> necessary, but not everyone runs systemd.

Hmmm, in that case, maybe the PID file is being reused for a purpose
that it isn't really suited for? The contents of the PID file are
slightly sensitive, since init scripts tend to trust them -- but the
contents of a lock file aren't. Would it make more sense to have a
separate lock file, whose only purpose is to prevent multiple daemons
from starting (and not to provide info to an init system)?


> If people do use systemd or whatever, then they'd start mimedefang and
> mimedefang-multiplexor without the options that create the pidfiles
> and let systemd manage the processes.

Yeah, this is pretty much only an issue for traditional SysV-style init
systems, because trying to answer "can I trust the contents of this PID
file?" is next to impossible in portable shell script.
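
A sketch of the separate lock file suggested above, as an added example that is not part of the original message and not MIMEDefang's own code. It assumes a POSIX system with `flock()`; the function name `acquire_instance_lock` and the temporary path are hypothetical.

```c
/* Added example: an instance lock kept apart from the PID file.
 * acquire_instance_lock() and the path in main() are hypothetical names. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* expose O_NOFOLLOW / O_CLOEXEC on strict builds */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Returns an fd that holds the lock, -1 if another instance already holds
 * it, -2 on any other error. Nothing is ever written to the file, so no
 * init script has a reason to read or trust its contents. */
int acquire_instance_lock(const char *path)
{
    /* O_NOFOLLOW: refuse to open a symlink sitting at the lock path. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -2;
    /* The kernel drops the lock when the process exits, so a file left
     * behind after a crash never blocks the next start. */
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) {
        int busy = (errno == EWOULDBLOCK);
        close(fd);
        return busy ? -1 : -2;
    }
    return fd;  /* keep open for the daemon's lifetime */
}

int main(void)
{
    char path[] = "/tmp/example-daemon-lock-XXXXXX";  /* constructed path */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return 1;
    close(tmp);
    int first = acquire_instance_lock(path);
    int second = acquire_instance_lock(path);  /* simulates a second start */
    printf("first=%d second=%d\n", first, second);
    if (first >= 0)
        close(first);
    unlink(path);
    return (first >= 0 && second == -1) ? 0 : 1;
}
```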


