[18027] in bugtraq
Re: apcupsd 3.7.2 Denial of Service
daemon@ATHENA.MIT.EDU (nash)
Tue Dec 12 16:37:33 2000
Message-Id: <200012121755.JAA14682@rohan.sdsu.edu>
Date: Tue, 12 Dec 2000 09:55:00 -0800
Reply-To: nash <nash@ROHAN.SDSU.EDU>
From: nash <nash@ROHAN.SDSU.EDU>
X-To: matze@JOONIX.DE
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <023f01c05faf$784afdf0$0200a8c0@joonix.de> from "Mattias Dartsch"
at Dec 06, 2000 07:07:11 PM
>
> Title: apcupsd 3.7.2 Denial of Service
>
> Affected Application: apcupsd daemon
...
> Problem:
>
> During startup apcupsd creates a PID-file named "apcupsd.pid" in /var/run
> (system specific, maybe other directory) with the ID of the daemon process,
> this PID-file is used by the shutdown-script to kill the daemon process.
>
> Unfortunately this PID-file is world-writeable (Mode 666, -rw-rw-rw). A
> malicious user can overwrite the file with arbitrary process IDs, these
> processes will be killed instead of the apcupsd process during restart or
> stop of the apcupsd daemon and during system shutdown or restart, the whole
> system can be crashed this way.
...
> Users who don't want to upgrade can add two lines to the "start" section in
> the apcupsd startup script in /etc/rc.d or /sbin/init.d :

Why not just add umask 022?

---begin---
    start)
        umask 022
        rm -f /etc/apcupsd/powerfail
        rm -f /etc/nologin
        echo -n "Starting apcupsd power management"
        $APCUPSD || return=$rc_failed
        echo -e "$return"
        ;;
---end---
-Ron
>
> matze@joonix.de
>
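
An added example, not part of the original thread or of apcupsd: a check a stop script could run on the PID file before signalling the PID it contains, covering the mode-666 case from the advisory. The function name pidfile_pid and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate a PID file before a stop script signals the PID in it.
# The function name, owner argument and daemon name are illustrative assumptions.

# pidfile_pid FILE OWNER [COMM]
# Prints the PID and returns 0 only if FILE can be trusted; otherwise returns 1.
pidfile_pid() {
    file=$1 owner=$2 comm=${3:-}

    # Must be a regular file, not a symlink pointing somewhere else.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1

    # Must belong to the expected owner (user name or numeric uid).
    [ -n "$(find "$file" -prune -user "$owner" -print)" ] || return 1

    # Must not be writable by group or other (a mode 666 file fails here).
    [ -z "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1

    # First line must be a decimal PID greater than 1 (never signal init).
    pid=$(head -n 1 "$file" | tr -d ' \t\r')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || return 1

    # Optionally require that the PID belongs to the expected program.
    if [ -n "$comm" ]; then
        [ "$(ps -p "$pid" -o comm= 2>/dev/null)" = "$comm" ] || return 1
    fi

    printf '%s\n' "$pid"
}

# Usage in a stop script (PID file location as named in the advisory):
#   pid=$(pidfile_pid /var/run/apcupsd.pid root apcupsd) && kill "$pid"
```

A file created under umask 022 passes the permission check, while one created under umask 000 is rejected before any signal is sent.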