Date: Wed, 16 Apr 2008 15:23:45 +0200 From: Jille <jille@quis.cx> To: Kostik Belousov <kostikbel@gmail.com> Cc: freebsd-current@freebsd.org Subject: Re: chmod of some pidfiles Message-ID: <4805FDE1.4010206@quis.cx> In-Reply-To: <20080416131902.GU18958@deviant.kiev.zoral.com.ua> References: <4805FB23.4030600@quis.cx> <20080416131902.GU18958@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Can you flock a file that is readonly for your user ? It doesn't make sense, it would allow a lot of (local) Denial of Services, I think ? Kostik Belousov schreef: > On Wed, Apr 16, 2008 at 03:12:03PM +0200, Jille wrote: >> Hello, >> >> Today I found out some pidfiles of 'system daemons', have a 'weird' chmod. >> >> [quis@istud ~]$ ls -l /var/run/cron.pid >> -rw------- 1 root wheel 4 Mar 1 19:25 /var/run/cron.pid >> >> Can somebody tell me why it is 0600 ? >> I don't think it will harm if it is 0644 ? >> >> I think this is only useful if the security.bsd.see_other_uids sysctl is >> set to 0. > > They are 0600 so that the advisory locking works reliably on them. > More details: > the daemons flock() the pidfile to indicate that it is alive. Any other > process may lock the file that can be opened for reading. Having more > permissive mode would allow anybody to lock the pidfile, falsely indicating > that the daemon is still alive, while it in fact died.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4805FDE1.4010206>