pidfile in /tmp, opened insecurely

Bug #830742 reported by Luke Faraone
Affects: pyro (Debian) | Status: Fix Released | Importance: Unknown
Affects: pyro (Ubuntu) | Status: Fix Released | Importance: Medium | Assigned to: Unassigned

Bug Description

"""
class Daemonizer:
[...]
    def __init__(self, pidfile=None):
        if not pidfile:
            self.pidfile = "/tmp/%s.pid" % self.__class__.__name__.lower()
        else:
            self.pidfile = pidfile
[...]
    def daemon_start(self, start_as_daemon=1):
        if start_as_daemon:
            self.become_daemon()
        if self.is_process_running():
            msg = "Unable to start server. Process is already running."
            raise DaemonizerException(msg)
        f = open(self.pidfile, 'w')
        f.write("%s" % os.getpid())
        f.close()
        self.main_loop()

and:

class NSD(Daemonizer):
    def __init__(self):
        Daemonizer.__init__(self)

    def main_loop(self):
        Pyro.naming.main(sys.argv[1:])

if __name__ == "__main__":
    NSD().process_command_line(sys.argv)

results in root opening /tmp/nsd.pid on startup.

Cheers,
Julien
"""

Luke Faraone (lfaraone)
Changed in pyro (Ubuntu):
status: New → In Progress
status: In Progress → Triaged
importance: Undecided → Medium
Luke Faraone (lfaraone)
visibility: private → public
Changed in pyro (Debian):
status: Unknown → Fix Committed
Changed in pyro (Debian):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pyro - 1:3.9.1-2ubuntu1

---------------
pyro (1:3.9.1-2ubuntu1) oneiric; urgency=low

  * SECURITY UPDATE: arbitrary file overwriting via symlink (LP: #830742)
      - store pidfile in /var/run instead of /tmp
      - Pyro/ext/daemonizer.py changed default location to /var/run
      - Pyro/ext/daemonizer.py added command-line parameter (--pidfile=...) to
        override default pidfile location
      - default location for pidfile is tunable via /etc/default/pyro-nsd
      - CVE-2011-2765
 -- Gustavo Goretkin <email address hidden> Mon, 22 Aug 2011 21:28:26 -0400

Changed in pyro (Ubuntu):
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
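
The `open(self.pidfile, 'w')` pattern from the bug description beside a creation routine that refuses a pre-existing name, as an added example: it is not Pyro's code and not the packaged fix, which moved the default pidfile to /var/run. The function names, the `victim` file and the temporary directory standing in for /tmp are constructed for illustration.

```python
import errno
import os
import tempfile


def write_pidfile_unsafe(path):
    # Same pattern as the quoted daemon_start(): open(path, 'w') follows an
    # existing symlink and truncates whatever file it points at.
    with open(path, "w") as f:
        f.write("%s" % os.getpid())


def write_pidfile_safe(path):
    # O_CREAT|O_EXCL fails if the name already exists, including when it is a
    # symlink (dangling or not); O_NOFOLLOW is added as defence in depth.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write("%s" % os.getpid())


def demo():
    # Constructed scenario: a private temp dir stands in for /tmp, and
    # "nsd.pid" already exists there as a symlink to another file.
    results = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        pidfile = os.path.join(d, "nsd.pid")
        with open(victim, "w") as f:
            f.write("important data\n")
        os.symlink(victim, pidfile)
        try:
            write_pidfile_safe(pidfile)
            results["safe_refused"] = False
        except OSError as e:
            results["safe_refused"] = e.errno in (errno.EEXIST, errno.ELOOP)
        with open(victim) as f:
            results["after_safe"] = f.read()
        write_pidfile_unsafe(pidfile)
        with open(victim) as f:
            results["after_unsafe"] = f.read()
    return results


if __name__ == "__main__":
    print(demo())
```

Exclusive creation complements the relocation to a root-owned directory; it does not replace it, since a stale pidfile then has to be removed by the daemon's own cleanup logic.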