Re: /var/run/directory/
- From: Bill Nottingham <notting redhat com>
- To: russell coker com au, Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Cc:
- Subject: Re: /var/run/directory/
- Date: Fri, 1 Oct 2004 14:45:58 -0400
Russell Coker (russell coker com au) said:
> Currently in the strict policy every daemon is permitted to create files
> under /var/run. The problem is that a daemon which runs as root can (if
> compromised) create /var/run files with the names used by other daemons if
> the daemon is not running at the time. This interferes with stopping and
> starting daemons.
>
> The solution to this is to have a directory under /var/run for each daemon and
> give write access to that directory only to the daemon that uses it. For
> daemons that run as non-root this also makes things easier for non-SE systems
> as there is no need to create a pidfile such as /var/run/sm-client.pid and
> chown it, the directory can just have the permissions needed to allow file
> creation by the daemon.
>
> Can anyone think of a reason not to do this? Or should I just start filing
> bugzilla entries against all packages that have /var/run/daemon.pid files?
Well, it will break parts of the initscripts if it's just done
in the daemons. :)
Bill
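
Added example, not part of either message: a shell audit of the layout proposed in the quoted text. It reports pidfiles that still sit directly in a shared run directory (FLAT) and per-daemon subdirectories that are writable by group or others (LOOSE). The sample tree is constructed in a temporary directory, and the names `exampled` and `loosed` are made up.

```shell
#!/bin/sh
# Added example (not from the thread): audit a run directory for the
# per-daemon layout proposed in the quoted message.

# audit_rundir DIR -> one finding per line:
#   FLAT  path   pidfile directly in the shared directory
#   LOOSE path   per-daemon directory writable by group or others
#   OK    path   per-daemon directory writable only by its owner
audit_rundir() {
    rundir=$1
    for entry in "$rundir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ -d "$entry" ] && [ ! -L "$entry" ]; then
            # ls -ld mode string: char 6 is group write, char 9 is other write
            perms=$(ls -ld "$entry" | cut -c1-10)
            case $perms in
                ?????w*|????????w*) echo "LOOSE $entry" ;;
                *)                  echo "OK $entry" ;;
            esac
        else
            # Anything named *.pid at the top level, symlinks included
            case $entry in
                *.pid) echo "FLAT $entry" ;;
            esac
        fi
    done
}

# Constructed sample tree standing in for /var/run (assumption: the real
# directories would be owned by each daemon's own user, which needs root).
make_sample() {
    sample=$(mktemp -d) || return 1
    echo 1234 > "$sample/sm-client.pid"       # flat pidfile, as in the message
    mkdir -m 0755 "$sample/exampled"          # only the owner may create files
    echo 2345 > "$sample/exampled/exampled.pid"
    mkdir -m 0777 "$sample/loosed"            # world-writable: no isolation
    echo "$sample"
}

sample_dir=$(make_sample)
audit_rundir "$sample_dir"
rm -rf "$sample_dir"
```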