From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386)
it seems that netreport and the network-scripts allow arbitrary pid killing
Reproducible: Didn't try
Steps to Reproduce:
from man 7 signal:
1. SIGIO 23,29,22 A I/O now possible (4.2 BSD)
The letters in the "Action" column have the following
A Default action is to terminate the process.
(note that on bsd the sigio is discarded by default)
2. ls -l /sbin/netreport
-rwxr-sr-x 1 root root 3860 Mar 13 14:41
(which creates pid files in /var/run/netreport/
drwxrwxr-x 2 root root 4096 Apr 5 18:17 netreport
(which has files such as this created when you run it)
---------- 1 lumpy root 0 Apr 5 18:15 19769
---------- 1 lumpy root 0 Apr 5 18:17 19968
(note that the pid file is not removed automagically. i tested this by
executing sh, running netreport, exiting the shell, and ls'ing again)
These files are apparently used by:
this script contains the following function:
# Notify programs that have requested notification
( cd /var/run/netreport || exit
for i in * ; do
[ -f $i ] && \
kill -SIGIO $i >/dev/null 2>&1 || \
rm -f $i >/dev/null 2>&1
So it looks like you should be able to kill arbitrary processes.
Im new to linux, but not unix. I have to rely on the manpages, as this
box is not mine and i really dont want to crash it. What do you guys
think? Is this a known issue that i just didnt know about?
Actual Results: i couldnt test -- couldnt kill the box because it was in
Expected Results: that arbitrary processes created with pids from stale
netreports would be killed
Yep. I agree to the analysis. You don't have control over which process gets
killed, but it's serious anyway I think. But sadly I see no workaround :-(
There is one way that you could do it easilly but im not sure it would fully
security issues. (Note that i just woke up :)):
If you set your user id to that of the user who created the file before killing
process... that way when its not your process it wont let you send SIGIO.
Will be fixed in 5.83-1.