From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386)

It seems that netreport and the network-scripts allow arbitrary pid killing.

Reproducible: Didn't try

Steps to Reproduce:

From man 7 signal:

1.
    SIGIO    23,29,22    A    I/O now possible (4.2 BSD)
    ...
    The letters in the "Action" column have the following meanings:
    A    Default action is to terminate the process.

(Note that on BSD the SIGIO is discarded by default.)

2.
    ls -l /sbin/netreport
    -rwxr-sr-x 1 root root 3860 Mar 13 14:41 /sbin/netreport

(which creates pid files in /var/run/netreport/)

    drwxrwxr-x 2 root root 4096 Apr 5 18:17 netreport

(which has files such as this created when you run it)

    ---------- 1 lumpy root 0 Apr 5 18:15 19769
    ---------- 1 lumpy root 0 Apr 5 18:17 19968

(Note that the pid file is not removed automagically. I tested this by executing sh, running netreport, exiting the shell, and ls'ing again.)

These files are apparently used by:

3. /etc/sysconfig/network-scripts/network-functions

This script contains the following function:

    do_netreport ()
    {
      # Notify programs that have requested notification
      ( cd /var/run/netreport || exit
        for i in * ; do
          [ -f $i ] && \
            kill -SIGIO $i >/dev/null 2>&1 || \
            rm -f $i >/dev/null 2>&1
        done
      )
    }

4. So it looks like you should be able to kill arbitrary processes. I'm new to Linux, but not Unix. I have to rely on the manpages, as this box is not mine and I really don't want to crash it. What do you guys think? Is this a known issue that I just didn't know about?

Actual Results: I couldn't test -- couldn't kill the box because it was in production.

Expected Results: that arbitrary processes created with pids from stale netreports would be killed.
Yep. I agree with the analysis. You don't have control over which process gets killed, but it's serious anyway I think. But sadly I see no workaround :-(
There is one way that you could do it easily, but I'm not sure it would fully resolve the security issues. (Note that I just woke up :)): If you set your user id to that of the user who created the file before killing the process... that way when it's not your process it won't let you send SIGIO.
Will be fixed in 5.83-1.
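An owner-checked variant of do_netreport, as an added example that is not part of the original thread and not the fix shipped in 5.83-1. Instead of switching user id as suggested in the comment above, it compares the pid file's owner with the owner of the running process; it assumes Linux /proc and GNU stat, and the helper name netreport_targets and its directory argument are hypothetical.

```shell
#!/bin/sh
# Added example (not the shipped fix). Assumes Linux /proc and GNU stat.
# netreport_targets and its optional directory argument are hypothetical.

# Print the PIDs that may be notified; remove stale registrations.
netreport_targets() {
    dir=${1:-/var/run/netreport}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        pid=${f##*/}
        # Accept only plain decimal PIDs as file names.
        case $pid in
            ''|*[!0-9]*) continue ;;
        esac
        # No such process: the registration is stale, drop it unsignalled.
        if [ ! -d "/proc/$pid" ]; then
            rm -f -- "$f"
            continue
        fi
        file_uid=$(stat -c %u -- "$f") || continue
        proc_uid=$(stat -c %u "/proc/$pid" 2>/dev/null) || continue
        # PID now belongs to another user's process: it was recycled,
        # so remove the entry and do not signal.
        if [ "$file_uid" != "$proc_uid" ]; then
            rm -f -- "$f"
            continue
        fi
        echo "$pid"
    done
}

# Notify programs that have requested notification.
do_netreport() {
    for pid in $(netreport_targets "$@"); do
        kill -s IO "$pid" >/dev/null 2>&1
    done
}
```

A recycled PID that now belongs to the same user who created the stale file still passes this check, and the owner can change between the check and the kill, so removing pid files when the registering process exits remains necessary.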