DoS bug in initscripts
Michael A. Peters
mpeters at mac.com
Mon Apr 7 09:11:08 PDT 2003
loadproc in the functions script calls getpids()
pidlist=$(pidof -o $$ -o $PPID -x $base)
If $1 isn't a full path then it can return a faulty PID, causing the
service not to start.
For example -
The init script is called gpm
The init script has:
loadproc gpm -m $MDEVICE -t $PROTOCOL
in the start) case
loadproc() passes gpm to getpids() and since the script is called gpm -
it finds a PID and states that the service is already running, causing
the init to not properly start.
The daemons should be called by full path in the init scripts to avoid
this, and getpids() should check the full path of the binary in case
of a sloppily written init script.
This will avoid accidental or malicious DoS of init scripts.
If you include "which" with the basic LFS this can easily be achieved:
[root at 12-233-116-216 root]# which gpm
[root at 12-233-116-216 root]# which `which gpm`
[root at 12-233-116-216 root]#
Michael A. Peters <mpeters at mac.com>
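
The name collision described in the post, and a full-path check that avoids it, as an added example that is not part of the original post or of the LFS functions script. The function names, the PROC_ROOT variable and the sample paths (/etc/rc.d/init.d/gpm, /usr/sbin/gpm, /dev/mouse) are assumptions made for illustration, and pids_by_name is only a rough stand-in for what `pidof -x` matches.

```sh
# PROC_ROOT is a hypothetical knob so the functions can run on a constructed
# tree; on a live system it would be /proc.

# Rough stand-in for `pidof -x NAME`: match the basename of argv[0], or of
# the script an interpreter is running (argv[1]).
pids_by_name() {
    name=$1; out=
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -r "$d/cmdline" ] || continue
        set -f; set -- $(tr '\0' ' ' < "$d/cmdline"); set +f
        if [ "${1##*/}" = "$name" ] || [ "${2##*/}" = "$name" ]; then
            out="$out ${d##*/}"
        fi
    done
    echo $out
}

# Hardened lookup: insist on an absolute path and compare it with the
# /proc/PID/exe link, which names the binary that is actually executing.
pids_by_exe() {
    case $1 in
        /*) ;;
        *) echo "pids_by_exe: full path required: $1" >&2; return 2 ;;
    esac
    out=
    for d in "$PROC_ROOT"/[0-9]*; do
        if [ "$(readlink "$d/exe" 2>/dev/null)" = "$1" ]; then
            out="$out ${d##*/}"
        fi
    done
    echo $out
}

# Constructed sample (paths are illustrative): PID 100 is the init script
# named gpm, run by bash. add_daemon adds PID 200, the real gpm binary.
make_sample_proc() {
    root=$(mktemp -d) && mkdir "$root/100" || return 1
    printf 'bash\0/etc/rc.d/init.d/gpm\0start\0' > "$root/100/cmdline"
    ln -s /bin/bash "$root/100/exe"
    echo "$root"
}
add_daemon() {
    mkdir "$1/200" && ln -s /usr/sbin/gpm "$1/200/exe" &&
    printf '/usr/sbin/gpm\0-m\0/dev/mouse\0' > "$1/200/cmdline"
}

PROC_ROOT=$(make_sample_proc)
echo "daemon not started, by name: '$(pids_by_name gpm)'"
echo "daemon not started, by exe:  '$(pids_by_exe /usr/sbin/gpm)'"
```

With only the init script present, the name-based lookup reports a PID and the path-based lookup reports none, which is the difference between "already running" and a clean start.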