Florian Weimer of the Red Hat Product Security Team found [1] that mom created PID files in /var/run as world-writable. This could allow a malicious local attacker to edit the PID file and, on mom shutdown or restart, to kill some process other than the mom process that they would not normally have access to terminate. This is fixed upstream [2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=863178
[2] http://gerrit.ovirt.org/#/c/8366/
Created mom tracking bugs for this issue
Affects: epel-6 [bug 863489]
Fixed as of 0.3.0-1.
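
The class of bug described in the report, shown as an added defensive example (not mom's code and not the upstream fix): a daemon writes its PID file with a fixed mode instead of relying on its umask, and refuses to act on a PID file that another user could have edited. The function names, the `example.pid` file name and the PID 4242 are constructed for illustration.

```python
import os
import stat
import tempfile

PID_MODE = 0o644  # owner read/write, everyone else read-only


def write_pidfile(path, pid):
    """Create the PID file atomically with a mode no other user can write to."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, PID_MODE)
    try:
        os.fchmod(fd, PID_MODE)  # set the mode explicitly, independent of umask
        os.write(fd, b"%d\n" % pid)
    finally:
        os.close(fd)


def read_trusted_pid(path, expected_uid=None):
    """Return the PID only if the file could not have been edited by another user."""
    expected_uid = os.geteuid() if expected_uid is None else expected_uid
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)  # stat the open descriptor, not the path
        if st.st_uid != expected_uid:
            raise PermissionError("%s is not owned by uid %d" % (path, expected_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("%s is group- or world-writable" % path)
        data = os.read(fd, 32)
    finally:
        os.close(fd)
    pid = int(data.strip())
    if pid <= 1:  # 0 and negative values address process groups, 1 is init
        raise ValueError("refusing to signal PID %d" % pid)
    return pid


def demo():
    # Constructed demo in a temp dir: a 0644 file is accepted, a 0666 one rejected.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.pid")
        write_pidfile(path, pid=4242)
        accepted = read_trusted_pid(path)
        os.chmod(path, 0o666)  # reproduce the world-writable state from the report
        try:
            read_trusted_pid(path)
        except PermissionError:
            return accepted, True
        return accepted, False
```

A shutdown or restart path would call `read_trusted_pid()` before sending any signal, so a tampered file causes an error rather than a kill of an unrelated process.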