Date: Wed, 16 Apr 2008 16:38:36 +0300
From: Kostik Belousov <kostikbel@gmail.com>
To: Jille <jille@quis.cx>
Cc: freebsd-current@freebsd.org
Subject: Re: chmod of some pidfiles
Message-ID: <20080416133836.GV18958@deviant.kiev.zoral.com.ua>
In-Reply-To: <4805FDE1.4010206@quis.cx>
References: <4805FB23.4030600@quis.cx> <20080416131902.GU18958@deviant.kiev.zoral.com.ua> <4805FDE1.4010206@quis.cx>

On Wed, Apr 16, 2008 at 03:23:45PM +0200, Jille wrote:
> Can you flock a file that is readonly for your user ?
> It doesn't make sense, it would allow a lot of (local) Denial of
> Services, I think ?
Yes, you can flock a file opened for read. The lock is advisory. It would
DoS only a service that takes the same lock. Prevention of the described
situation is the point of the chosen mode for the pid files.

>
> Kostik Belousov wrote:
> >On Wed, Apr 16, 2008 at 03:12:03PM +0200, Jille wrote:
> >>Hello,
> >>
> >>Today I found out some pidfiles of 'system daemons', have a 'weird' chmod.
> >>
> >>[quis@istud ~]$ ls -l /var/run/cron.pid
> >>-rw------- 1 root wheel 4 Mar 1 19:25 /var/run/cron.pid
> >>
> >>Can somebody tell me why it is 0600 ?
> >>I don't think it will harm if it is 0644 ?
> >>
> >>I think this is only useful if the security.bsd.see_other_uids sysctl is
> >>set to 0.
> >
> >They are 0600 so that the advisory locking works reliably on them.
> >More details:
> >the daemons flock() the pidfile to indicate that it is alive. Any other
> >process may lock the file that can be opened for reading. Having more
> >permissive mode would allow anybody to lock the pidfile, falsely indicating
> >that the daemon is still alive, while it in fact died.
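
Added example, not part of the original message and not FreeBSD's own code: a C program that reproduces the point of the reply above on a constructed temporary file, showing that a descriptor opened read-only can take the flock() lock, that a non-blocking probe then reports the lock as held, and that only a mode without group/other access rules this out. The function names, the /tmp path template and the probe are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* glibc: expose flock() and mkstemp() */
#include <sys/file.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if group or other may open the file at all, and therefore flock() it. */
static int mode_lets_others_lock(mode_t mode) {
    return (mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)) != 0;
}

/* Liveness probe (assumed form): 1 if some other descriptor holds the lock,
 * 0 if it is free, -1 on error. Closing fd drops any lock the probe took. */
static int lock_is_held(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int held = flock(fd, LOCK_EX | LOCK_NB) == -1 && errno == EWOULDBLOCK;
    close(fd);
    return held;
}

/* Runs the scenario on a constructed temp file, not on a real pidfile.
 * result: [0] probe before, [1] read-only flock succeeded,
 *         [2] probe while it is held, [3] probe after release. */
static int readonly_lock_demo(int result[4]) {
    char path[] = "/tmp/pidfile-demo.XXXXXX";
    int fd = mkstemp(path);              /* created with mode 0600 */
    if (fd < 0) return -1;
    close(fd);                           /* no daemon: nobody holds the lock */
    result[0] = lock_is_held(path);
    int ro = open(path, O_RDONLY);       /* read access is all that is needed */
    result[1] = ro >= 0 && flock(ro, LOCK_EX | LOCK_NB) == 0;
    result[2] = lock_is_held(path);      /* file now looks "alive" */
    if (ro >= 0) close(ro);
    result[3] = lock_is_held(path);
    unlink(path);
    return 0;
}

int main(void) {
    int r[4];
    if (readonly_lock_demo(r) != 0) return 1;
    printf("before=%d ro_lock=%d during=%d after=%d\n", r[0], r[1], r[2], r[3]);
    printf("0600 open to others: %d, 0644 open to others: %d\n",
           mode_lets_others_lock(0600), mode_lets_others_lock(0644));
    return 0;
}
```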