

     [snips-users] keepalive bug

Ok, found a pseudo-obscure bug... actually surprised it hasn't been seen
previously.  But keepalive_monitors.pl fails to check the NAME of the
process it's trying to restart... it blindly kills whatever PID is
listed in any existing PID file -- this could, of course, be used as a
local 'sploit in obscure situations (e.g. user's able to write/create
that file, could now kill processes owned by the user running the
keepalive script (which hopefully IS NOT root)).

I'll see about working on a patch, though I've not had a whole lot of
time recently for a whole lot of anything.


Russell M. Van Tassell
russell at loosenut com

"Don't get suckered in by the comments -- they can be terribly
 misleading.  Debug only code."                           -- Dave Storer
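
The check the post says keepalive_monitors.pl lacks, sketched as an added example that is not part of the original post or of SNIPS: before signalling, confirm that the PID file is trustworthy and that the PID belongs to the expected process. It assumes Linux `/proc`; `vet_pidfile` and the monitor name `examplemon` are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not SNIPS code): validate a PID file before signalling.
# Assumes Linux /proc; vet_pidfile() and its arguments are hypothetical names.
use strict;
use warnings;
use Fcntl ':mode';
use File::Temp 'tempdir';

# Returns (pid, undef) when it is safe to signal, else (undef, reason).
sub vet_pidfile {
    my ($pidfile, $want_name, $want_uid) = @_;
    # The PID file must be a regular file owned by the monitoring user and
    # not writable by group/other; lstat() so a symlink is never followed.
    my @st = lstat($pidfile) or return (undef, "cannot stat pidfile: $!");
    return (undef, 'pidfile is not a regular file') unless S_ISREG($st[2]);
    return (undef, 'pidfile has wrong owner')       unless $st[4] == $want_uid;
    return (undef, 'pidfile is group/world writable') if $st[2] & (S_IWGRP | S_IWOTH);
    open(my $fh, '<', $pidfile) or return (undef, "cannot read pidfile: $!");
    my $line = <$fh>;
    close($fh);
    my ($pid) = defined $line ? $line =~ /^\s*(\d+)\s*$/ : ();
    return (undef, 'pidfile content is not a usable PID') unless defined $pid && $pid > 1;
    # The process must exist, belong to the same user, and carry the
    # expected name (comm is the kernel's name, truncated to 15 chars).
    my @pst = stat("/proc/$pid") or return (undef, "no such process $pid");
    return (undef, "pid $pid belongs to another user") unless $pst[4] == $want_uid;
    open(my $ch, '<', "/proc/$pid/comm") or return (undef, "cannot read comm: $!");
    chomp(my $comm = <$ch> // '');
    close($ch);
    return (undef, "pid $pid is '$comm', not '$want_name'")
        unless $comm eq substr($want_name, 0, 15);
    # A PID can still be recycled between this check and kill(); keep the gap short.
    return ($pid, undef);
}

# Constructed demo: PID files in a private temp dir, checked against this process.
my $dir = tempdir(CLEANUP => 1);
chomp(my $self = do { open(my $f, '<', "/proc/$$/comm") or die "need /proc: $!"; <$f> });
for my $case (['own.pid', $$, $self], ['wrong-name.pid', $$, 'examplemon'],
              ['junk.pid', 'abc', $self]) {
    my ($file, $content, $name) = @$case;
    open(my $out, '>', "$dir/$file") or die "cannot write $file: $!";
    print $out "$content\n";
    close($out);
    chmod 0644, "$dir/$file";
    my ($pid, $why) = vet_pidfile("$dir/$file", $name, $>);
    print "$file: ", defined $pid ? "ok to signal $pid" : "refused ($why)", "\n";
}
```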
