[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Whom the BIND newest vulnerability concerns?

On Mon, Nov 15, 1999 at 07:55:12PM +0100, Russell Coker wrote:
> 
> Programs running with group daemon used to run as root!  A program that many
> people trust enough to run as root is a program that I usually trust enough
> to give write access to /var/run.
> Also with the sticky bit on /var/run they can't delete each other's pid files
> so if such a program is compromised it can't interfere with a running daemon.

But you could create a DoS situation by creating somebody else's PID file.
If you create the right ones, you might even trick someone from killing an
important daemon.
-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Reply to: