On 09/06/2017 08:29 AM, Howard Chu wrote:
>> - Someone compromises the daemon, which sits on the open network.
> Nobody compromises slapd from the network. There are no buffer overflow vulnerabilities, there are no RCE vulnerabilities.
Oh, it's one of /those/ daemons.
>> - I run "/etc/init.d/slapd stop" to stop the daemon while I investigate the weird behavior resulting from the hack.
> Even if that were possible, it's clearly a bug in the init script, which failed to check that the process with that PID was the process it was expecting to find. Note that this is something any init script needs to do anyway, since PID files can go stale and some other process may be using the PID by the time you reference the file.
Have you ever seen such an init script?
How should the init system know what process it was expecting to find, if not by reading that process's PID from the PID file?
If you decide not to write the PID file as root, that's of course up to you, but I still have to tell something to the people who ship OpenLDAP as part of their distributions. I can tell them "Howard says it should be easy," but considering that no one has ever done it, that's not real helpful advice.
There are only two requirements really: it needs to be portable POSIX sh, and the stop() function must only kill the one process created by start(). If you give that a shot, you might see why I suggested that this be fixed in slapd.
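Added example, not part of the original message and not OpenLDAP's or any distribution's init script: a POSIX sh check of the kind discussed in this thread, which validates the PID file contents and signals the PID only if `ps` reports the expected owner and command name. The `ldap` user, the paths and all function names are assumptions. The check narrows what stop() can signal, but it does not prove the process is the one start() created, and the PID can still be reused between the check and the kill.

```shell
#!/bin/sh
# Added illustration: the ldap user, paths and function names are assumptions.

# Print "user comm" for a PID using POSIX ps options; prints nothing if it is gone.
proc_info() {
    ps -p "$1" -o user= -o comm= 2>/dev/null
}

# Print the PID from a PID file only if its first line is a plain integer > 1.
read_pidfile() {
    [ -f "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d ' \t\r')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;      # empty, signed, or trailing junk: refuse
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || return 1   # never accept 0 or init
    printf '%s\n' "$pid"
}

# Print the PID only when it names a live process with the expected owner
# and command name. A PID file writable by the daemon's own user can then
# only steer the signal toward processes that user already owns.
verify_pid() {
    pidfile=$1 want_user=$2 want_comm=$3
    pid=$(read_pidfile "$pidfile") || return 1
    read -r user comm <<EOF
$(proc_info "$pid")
EOF
    [ "$user" = "$want_user" ] || return 1          # stale PID gives empty user
    [ "${comm##*/}" = "$want_comm" ] || return 1    # some ps print a full path
    printf '%s\n' "$pid"
}

# stop PIDFILE USER COMM: send SIGTERM only after verify_pid succeeds.
stop() {
    if pid=$(verify_pid "$1" "$2" "$3"); then
        kill -TERM "$pid"
    else
        echo "refusing to signal: $1 does not name a $3 process owned by $2" >&2
        return 1
    fi
}

# Example call from an init script (assumed paths):
#   stop /var/run/openldap/slapd.pid ldap slapd
```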