[snips-users] keepalive bug
Ok, found a pseudo-obscure bug... actually surprised it hasn't been seen previously. But keepalive_monitors.pl fails to check the NAME of the process it's trying to restart... it blindly kills whatever PID is listed in any existing PID file -- this could, of course, be used as a local 'sploit in obscure situations (eg. user's able to write/create that file, could now kill processes owned by the user running the keepalive script (which hopefully IS NOT root)).

I'll see about working on a patch, though I've not had a whole lot of time recently for a whole lot of anything.

Russell

--
Russell M. Van Tassell
russell at loosenut com

"Don't get suckered in by the comments -- they can be terribly misleading. Debug only code." -- Dave Storer
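Added example, not part of the message above and not SNIPS code: one way a keepalive script can check both the PID file and the process name before signalling. The helper names (trusted, verified_pid) and the monitor name examplemon are hypothetical, and it assumes a ps that accepts -o uid= and -o comm= (procps or BSD ps) and a platform that provides O_NOFOLLOW.

```perl
# Added example, not SNIPS code: validate a PID file before signalling its PID.
use strict;
use warnings;
use Fcntl qw(O_RDONLY O_NOFOLLOW);
use File::Basename qw(basename dirname);
use File::Temp qw(tempdir);

# True when the stat list shows a trusted owner and no group/world write bit.
sub trusted { my @st = @_; return @st && ($st[4] == $> || $st[4] == 0) && !($st[2] & 022) }

# Hypothetical helper: return the PID only if the file, its directory and the
# live process all check out; otherwise return nothing, so nothing is killed.
sub verified_pid {
    my ($pidfile, $expected) = @_;
    return unless trusted(stat(dirname($pidfile)));   # others could plant a file
    sysopen(my $fh, $pidfile, O_RDONLY | O_NOFOLLOW) or return;   # no symlinks
    return unless trusted(stat($fh));                 # fstat the handle we opened
    my $line = <$fh>;
    close $fh;
    my ($pid) = defined $line ? $line =~ /^(\d+)\s*$/ : ();
    return unless $pid && $pid > 1;

    # List-form open runs ps without a shell; ask for owner uid and command name.
    open(my $ps, '-|', 'ps', '-p', $pid, '-o', 'uid=', '-o', 'comm=') or return;
    my $out = <$ps>;
    close $ps;
    return unless defined $out && $out =~ /^\s*(\d+)\s+(\S.*?)\s*$/;
    my ($uid, $comm) = ($1, basename($2));
    return unless $uid == $>;                         # only our own processes
    # Assumption: Linux truncates comm to 15 characters, so compare prefixes.
    return unless substr($comm, 0, 15) eq substr($expected, 0, 15);
    return $pid;
}

# Constructed demo: a child "sleep" stands in for a monitor process.
umask 022;
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/demo.pid";
my $kid  = fork() // die "fork: $!";
if ($kid == 0) { exec('sleep', '30') or die "exec: $!" }
select(undef, undef, undef, 0.2);                     # give the child time to exec
open(my $w, '>', $file) or die "open: $!";
print $w "$kid\n";
close $w;
for my $name ('sleep', 'examplemon') {                # examplemon is hypothetical
    my $pid = verified_pid($file, $name);
    print "$name: ", defined $pid ? "pid $pid verified\n" : "refused, no signal sent\n";
}
kill 'TERM', $kid; waitpid $kid, 0;
```

A PID can still be reused between the check and the signal, so the name and owner check narrows the window rather than closing it; keeping the PID directory writable only by the keepalive user is what removes the file-planting case.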