[Bug 1433] New: sshd.pid has permissions of 666
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Jan 28 13:56:26 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1433
Summary: sshd.pid has permissions of 666
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: njleanne at hotmail.com
The sshd.pid under /var/run has the permission of 666, which we think
is a security bug.
we can see that:
# ps -ef |grep sshd
root 9341 1 0 Jan 25 ? 0:02 /opt/ssh/sbin/sshd
root 640 482 0 10:17:10 pts/ta 0:00 grep sshd
# kill 9341
# umask
022
# umask 00
# /opt/ssh/sbin/sshd
# ll /var/run/sshd.pid
-rw-rw-rw- 1 root sys 4 Jan 28 10:17 sshd.pid
so we change the openssh source code as this, pls see the attachment.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list