Bugtraq mailing list archives
Re: apcupsd 3.7.2 Denial of Service
From: Mattias Dartsch <matze () JOONIX DE>
Date: Wed, 13 Dec 2000 12:50:24 +0100
Hi,

the problem is a missing umask() in the main program code; this was fixed in Version 3.8.0. The fix in the advisory was intended as a temporary solution for people who DON'T want to upgrade or recompile; they only have to alter the /etc/rc.d/apcupsd script.

Setting a umask in a /etc/rc.d script can lead to strange side effects, since this umask setting is used for the following scripts too; that's why I used chmod.

If you still want to use umask instead of chmod, you have to use a syntax like this to avoid unwanted side effects:

---begin---
(umask 0077 ; $APCUPSD) || return=$rc_failed
---end---

(Thanks to Jukka A. Ukkonen)

greets,
Mattias Dartsch
matze () joonix de

----- Original Message -----
From: nash <nash () ROHAN SDSU EDU>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Tuesday, December 12, 2000 6:55 PM
Subject: Re: [BUGTRAQ] apcupsd 3.7.2 Denial of Service

Title: apcupsd 3.7.2 Denial of Service
Affected Application: apcupsd daemon
...
Problem: During startup apcupsd creates a PID-file named "apcupsd.pid" in /var/run (system specific, maybe other directory) with the ID of the daemon process, this PID-file is used by the shutdown-script to kill the daemon process. Unfortunately this PID-file is world-writeable (Mode 666, -rw-rw-rw). A malicious user can overwrite the file with arbitrary process IDs, these processes will be killed instead of the apcupsd process during restart or stop of the apcupsd daemon and during system shutdown or restart, the whole system can be crashed this way.
...
Users who don't want to upgrade can add two lines to the "start" section in the apcupsd startup script in /etc/rc.d or /sbin/init.d :

why not just add umask 022?

---begin---
start)
    umask 022
    rm -f /etc/apcupsd/powerfail
    rm -f /etc/nologin
    echo -n "Starting apcupsd power management"
    $APCUPSD || return=$rc_failed
    echo -e "$return"
    ;;
---end---

-Ron
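
Added example, not part of the original messages or of apcupsd's own scripts: a sketch comparing the two umask forms discussed in the thread, with a check that flags a PID file writable by group or others. The function names and temporary paths are hypothetical, `write_pid` stands in for `$APCUPSD`, and `mktemp -d` is assumed to be available.

```shell
#!/bin/sh
# Constructed demo; write_pid is a hypothetical stand-in for $APCUPSD, which
# (per the thread) creates its PID file without setting a umask of its own.
write_pid() { echo "$$" > "$1"; }     # shell requests 0666, umask decides

# Subshell form from the post: the umask ends with the subshell.
start_confined() { (umask 0077; write_pid "$1"); }

# Symbolic mode string of a file, e.g. -rw-------
file_mode() { ls -ld "$1" | cut -c1-10; }

# Exit status 0 if group or others may write the file.
pidfile_is_loose() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]
}

demo() (                              # body runs in a subshell: no side effects
    dir=$(mktemp -d) || exit 1
    umask 0000                        # worst case: init script has no umask
    write_pid "$dir/unfixed.pid"
    start_confined "$dir/subshell.pid"
    echo "umask after subshell start:  $(umask)"
    umask 022                         # in-script form: stays set afterwards
    write_pid "$dir/inscript.pid"
    echo "umask after in-script start: $(umask)"
    for f in unfixed subshell inscript; do
        p="$dir/$f.pid"
        if pidfile_is_loose "$p"; then verdict=LOOSE; else verdict=ok; fi
        echo "$(file_mode "$p") $f.pid $verdict"
    done
    rm -rf "$dir"
)
demo
```
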
Current thread:
- apcupsd 3.7.2 Denial of Service Mattias Dartsch (Dec 07)
- Re: apcupsd 3.7.2 Denial of Service nash (Dec 13)
- Re: apcupsd 3.7.2 Denial of Service Mattias Dartsch (Dec 15)