Aaron Parsons reported [1] that tuned would create its PID file with insecure permissions (0666). A local user could use this flaw to kill arbitrary running processes when the tuned service is stopped. This was fixed upstream [2] and was also previously corrected in Red Hat Enterprise Linux 6 via RHBA-2013:0386 [3]. Current Fedora 18 inherited the upstream fix, however Fedora 17 is still affected by this issue. [1] https://bugzilla.redhat.com/show_bug.cgi?id=845336 [2] http://git.fedorahosted.org/cgit/tuned.git/commit/?h=1.0&id=9e8f670 [3] http://rhn.redhat.com/errata/RHBA-2013-0386.html
Created tuned tracking bugs for this issue Affects: fedora-17 [bug 918233]