pidfile in /tmp, opened insecurely
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pyro (Debian) |
Fix Released
|
Unknown
|
|||
pyro (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
"""
class Daemonizer:
[...]
def __init__(self, pidfile=None):
if not pidfile:
else:
[...]
def daemon_start(self, start_as_daemon=1):
if start_as_daemon:
if self.is_
msg = "Unable to start server. Process is already running."
raise DaemonizerExcep
f = open(self.pidfile, 'w')
f.close()
and:
class NSD(Daemonizer):
def __init__(self):
def main_loop(self):
if __name__ == "__main__":
NSD(
results in root opening /tmp/nsd.pid on startup.
Cheers,
Julien
"""
CVE References
Changed in pyro (Ubuntu): | |
status: | New → In Progress |
status: | In Progress → Triaged |
importance: | Undecided → Medium |
visibility: | private → public |
Changed in pyro (Debian): | |
status: | Unknown → Fix Committed |
Changed in pyro (Debian): | |
status: | Fix Committed → Fix Released |
This bug was fixed in the package pyro - 1:3.9.1-2ubuntu1
---------------
pyro (1:3.9.1-2ubuntu1) oneiric; urgency=low
* SECURITY UPDATE: arbitrary file overwriting via symlink (LP: #830742) daemonizer. py changed default location to /var/run daemonizer. py added command-line parameter (--pidfile=...) to pyro-nsd
- store pidfile in /var/run instead of /tmp
- Pyro/ext/
- Pyro/ext/
override default pidfile location
- default location for pidfile is tunable via /etc/default/
- CVE-2011-2765
-- Gustavo Goretkin <email address hidden> Mon, 22 Aug 2011 21:28:26 -0400