[Bug 1433] New: sshd.pid has permissions of 666

bugzilla-daemon at bugzilla.mindrot.org
Mon Jan 28 13:56:26 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1433

           Summary: sshd.pid has permissions of 666
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: HPPA
        OS/Version: HP-UX
            Status: NEW
          Severity: security
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: njleanne at hotmail.com


The sshd.pid under /var/run has permissions of 666, which we think
is a security bug.
We can see that:
# ps -ef |grep sshd
    root  9341     1  0  Jan 25  ?         0:02 /opt/ssh/sbin/sshd
    root   640   482  0 10:17:10 pts/ta    0:00 grep sshd
# kill 9341
# umask
022
# umask 00
# /opt/ssh/sbin/sshd
# ll /var/run/sshd.pid
-rw-rw-rw-   1 root       sys              4 Jan 28 10:17 sshd.pid

So we changed the OpenSSH source code like this; please see the attachment.

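Added example (not OpenSSH code and not the reporter's attached patch): the session above is consistent with a PID file created through a call such as fopen(), which requests mode 0666 and relies on the umask to narrow it; that sshd creates the file this way is an assumption. The code below contrasts that with creation at an explicit 0644. The function names and the scratch directory under /tmp are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Umask-dependent: fopen("w") creates the file with 0666 & ~umask. */
static int write_pid_fopen(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fprintf(f, "%ld\n", (long)getpid());
    return fclose(f);
}

/* Umask-independent: request 0644 at creation, then pin it with fchmod(). */
static int write_pid_explicit(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    int rc = (fchmod(fd, 0644) == 0 && dprintf(fd, "%ld\n", (long)getpid()) > 0) ? 0 : -1;
    return close(fd) == 0 ? rc : -1;
}

/* Create a PID file in a scratch directory under `mask`; return its mode bits. */
int pidfile_mode(mode_t mask, int explicit_mode)
{
    char dir[] = "/tmp/pidmode-XXXXXX", path[64];
    struct stat st;
    int mode = -1;
    if (mkdtemp(dir) == NULL)          /* constructed scratch location */
        return -1;
    snprintf(path, sizeof path, "%s/sshd.pid", dir);
    mode_t old = umask(mask);
    if ((explicit_mode ? write_pid_explicit(path) : write_pid_fopen(path)) == 0
        && stat(path, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    umask(old);                        /* restore the caller's umask */
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("umask 000: fopen=%03o explicit=%03o\n", pidfile_mode(0, 0), pidfile_mode(0, 1));
}
```

With a umask of 022 both paths yield 644, which is why the problem only appears when the daemon is started from a shell with a permissive umask, as in the report.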