Bugtraq mailing list archives
Re: apcupsd 3.7.2 Denial of Service
From: nash <nash () ROHAN SDSU EDU>
Date: Tue, 12 Dec 2000 09:55:00 -0800
Title: apcupsd 3.7.2 Denial of Service
Affected Application: apcupsd daemon
...
Problem: During startup apcupsd creates a PID-file named "apcupsd.pid" in /var/run (system specific, maybe other directory) with the ID of the daemon process; this PID-file is used by the shutdown-script to kill the daemon process. Unfortunately this PID-file is world-writeable (Mode 666, -rw-rw-rw). A malicious user can overwrite the file with arbitrary process IDs; these processes will be killed instead of the apcupsd process during restart or stop of the apcupsd daemon and during system shutdown or restart. The whole system can be crashed this way.
...
Users who don't want to upgrade can add two lines to the "start" section in the apcupsd startup script in /etc/rc.d or /sbin/init.d:
Why not just add umask 022?

---begin---
start)
    umask 022
    rm -f /etc/apcupsd/powerfail
    rm -f /etc/nologin
    echo -n "Starting apcupsd power management"
    $APCUPSD || return=$rc_failed
    echo -e "$return"
    ;;
---end---

-Ron
matze () joonix de
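
The report and the umask suggestion above both depend on one property: a PID file that a stop script trusts must not be writable by other users. As an added example (not part of the original posts and not apcupsd code), this shell helper checks that property before a script reads a PID; the function names, the root-owner default and the rejection of PID 1 are assumptions of the example.

```shell
#!/bin/sh
# Added example: validate a PID file before a stop script hands its
# contents to kill. Function names are hypothetical, not from apcupsd.

# pidfile_is_safe FILE [OWNER_UID]
# Succeeds only if FILE is a regular file (not a symlink), is owned by
# OWNER_UID (default 0, root), is not group- or world-writable, and
# contains exactly one decimal PID greater than 1.
pidfile_is_safe() {
    f=$1
    owner=${2:-0}

    # Must exist as a plain file; a symlink could point anywhere.
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1

    # Owner must be the expected account.
    [ -n "$(find "$f" -prune -user "$owner")" ] || return 1

    # Mode 666 (the reported case) sets both of these write bits.
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ] || return 1

    # Content must be digits only; anything else is rejected.
    pid=$(cat "$f") || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac

    # Never accept init (PID 1) or 0 as a kill target.
    [ "$pid" -gt 1 ] || return 1
    return 0
}

# checked_pid FILE [OWNER_UID]
# Prints the PID only when the file passes every check above.
checked_pid() {
    pidfile_is_safe "$1" "${2:-0}" && cat "$1"
}
```

A stop section would call `checked_pid` on the PID file and refuse to run `kill` when it returns non-zero.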
Current thread:
- apcupsd 3.7.2 Denial of Service Mattias Dartsch (Dec 07)
- Re: apcupsd 3.7.2 Denial of Service nash (Dec 13)
- Re: apcupsd 3.7.2 Denial of Service Mattias Dartsch (Dec 15)