Subject: Re: apcupsd 3.7.2 Denial of Service
From: nash (nashROHAN.SDSU.EDU)
Date: Tue Dec 12 2000 - 11:55:00 CST


>
> Title: apcupsd 3.7.2 Denial of Service
>
> Affected Application: apcupsd daemon
...
> Problem:
>
> During startup apcupsd creates a PID-file named "apcupsd.pid" in /var/run
> (system specific, maybe other directory) with the ID of the daemon process,
> this PID-file is used by the shutdown-script to kill the daemon process.
>
> Unfortunately this PID-file is world-writable (Mode 666, -rw-rw-rw). A
> malicious user can overwrite the file with arbitrary process IDs; these
> processes will be killed instead of the apcupsd process during restart or
> stop of the apcupsd daemon and during system shutdown or restart. The whole
> system can be crashed this way.
...
> Users who don't want to upgrade can add two lines to the "start" section in
> the apcupsd startup script in /etc/rc.d or /sbin/init.d :

why not just add umask 022?

---begin---

    start)
        umask 022
        rm -f /etc/apcupsd/powerfail
        rm -f /etc/nologin
        echo -n "Starting apcupsd power management"
        $APCUPSD || return=$rc_failed
        echo -e "$return"
    ;;

---end---

-Ron
>
> matzejoonix.de
>
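
An added example, not part of the original post or of apcupsd: a shell check that a stop script could run before trusting a PID file, together with a demonstration of how the creator's umask decides whether a file requested with mode 0666 ends up world-writable. The function names `pidfile_is_safe` and `write_pidfile_with_umask` and the PID 4242 are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and values below are hypothetical, not from apcupsd.

# pidfile_is_safe FILE
# Succeeds only if FILE is a regular file (not a symlink), is not writable
# by group or other, and holds exactly one numeric PID.
pidfile_is_safe() {
    pf=$1
    [ -f "$pf" ] && [ ! -L "$pf" ] || return 1
    # find prints the path when either the group or the other write bit is set
    if [ -n "$(find "$pf" -prune \( -perm -0002 -o -perm -0020 \) -print)" ]; then
        return 1
    fi
    pid=$(cat "$pf")
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty, multi-line or non-numeric content
    esac
    return 0
}

# write_pidfile_with_umask MASK FILE PID
# Creates FILE through a shell redirect, which requests mode 0666; the
# resulting permissions are 0666 with the bits in MASK cleared.
write_pidfile_with_umask() {
    ( umask "$1"; rm -f "$2"; echo "$3" > "$2" )
}

# Create one PID file under umask 000 and one under umask 022, then report
# which of them the check accepts.
demo() {
    dir=$(mktemp -d) || return 1
    write_pidfile_with_umask 000 "$dir/loose.pid" 4242   # constructed PID
    write_pidfile_with_umask 022 "$dir/tight.pid" 4242
    for p in "$dir/loose.pid" "$dir/tight.pid"; do
        if pidfile_is_safe "$p"; then
            echo "trusted:  $p"
        else
            echo "rejected: $p"
        fi
    done
    rm -rf "$dir"
}

demo
```

A stop script would call `pidfile_is_safe` on the PID file and skip the `kill` when the check fails.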