Full_Name: Michael Orlitzky
Submission from: (NULL) (18.104.22.168)
The slapd daemon should create its PID file before dropping privileges. This
represents a minor security issue; additional factors are needed to make it
The purpose of the PID file is to hold the PID of the running daemon,
so that later it can be stopped, restarted, or otherwise signalled
(many daemons reload their configurations in response to a SIGHUP).
To fulfill that purpose, the contents of the PID file need to be
trustworthy. If the PID file is writable by a non-root user, then he
can replace its contents with the PID of a root process.
Not sure this is a valid concern. The uid used to run services should not
actually have a valid login shell, and thus should not ever be usable for any
purpose other than running the daemon from init.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/