From owner-freebsd-current@FreeBSD.ORG Wed Apr 16 13:24:00 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4B712106566B for ; Wed, 16 Apr 2008 13:24:00 +0000 (UTC) (envelope-from jille@quis.cx) Received: from smtp2.versatel.nl (smtp2.versatel.nl [62.58.50.89]) by mx1.freebsd.org (Postfix) with ESMTP id B24118FC19 for ; Wed, 16 Apr 2008 13:23:59 +0000 (UTC) (envelope-from jille@quis.cx) Received: (qmail 23463 invoked by uid 0); 16 Apr 2008 13:23:57 -0000 Received: from ip83-113-174-82.adsl2.versatel.nl (HELO istud.quis.cx) ([82.174.113.83]) (envelope-sender ) by smtp2.versatel.nl (qmail-ldap-1.03) with SMTP for < >; 16 Apr 2008 13:23:57 -0000 Received: by istud.quis.cx (Postfix, from userid 100) id E996039864; Wed, 16 Apr 2008 15:23:56 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on istud.quis.cx X-Spam-Level: X-Spam-Status: No, score=-4.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.4 Received: from [192.168.1.4] (ille [192.168.1.4]) by istud.quis.cx (Postfix) with ESMTP id 2FF2C39861; Wed, 16 Apr 2008 15:23:54 +0200 (CEST) Message-ID: <4805FDE1.4010206@quis.cx> Date: Wed, 16 Apr 2008 15:23:45 +0200 From: Jille User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Kostik Belousov References: <4805FB23.4030600@quis.cx> <20080416131902.GU18958@deviant.kiev.zoral.com.ua> In-Reply-To: <20080416131902.GU18958@deviant.kiev.zoral.com.ua> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org Subject: Re: chmod of some pidfiles X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Apr 2008 13:24:00 -0000 Can you flock a file that is readonly for your user ? It doesn't make sense, it would allow a lot of (local) Denial of Services, I think ? Kostik Belousov schreef: > On Wed, Apr 16, 2008 at 03:12:03PM +0200, Jille wrote: >> Hello, >> >> Today I found out some pidfiles of 'system daemons', have a 'weird' chmod. >> >> [quis@istud ~]$ ls -l /var/run/cron.pid >> -rw------- 1 root wheel 4 Mar 1 19:25 /var/run/cron.pid >> >> Can somebody tell me why it is 0600 ? >> I don't think it will harm if it is 0644 ? >> >> I think this is only useful if the security.bsd.see_other_uids sysctl is >> set to 0. > > They are 0600 so that the advisory locking works reliably on them. > More details: > the daemons flock() the pidfile to indicate that it is alive. Any other > process may lock the file that can be opened for reading. Having more > permissive mode would allow anybody to lock the pidfile, falsely indicating > that the daemon is still alive, while it in fact died.