From 78aac2699469d610b5aa2f45dac4a30bd379938a Mon Sep 17 00:00:00 2001
From: Vincent Bernat <bernat@luffy.cx>
Date: Tue, 10 May 2011 21:17:22 +0200
Subject: [PATCH] Set correct rights on PID file.
This file was writable by anybody, leading to the possibility of
writing any PID an waiting for some admin to restart keepalived to
kill the process of your choice.
---
keepalived/core/pidfile.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/keepalived/core/pidfile.c b/keepalived/core/pidfile.c
index 383912e..0c3ea33 100644
--- a/keepalived/core/pidfile.c
+++ b/keepalived/core/pidfile.c
@@ -20,6 +20,9 @@
* Copyright (C) 2001-2011 Alexandre Cassen, <acassen@linux-vs.org>
*/
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include "logger.h"
#include "pidfile.h"
extern char *main_pidfile;
@@ -30,7 +33,9 @@ extern char *vrrp_pidfile;
int
pidfile_write(char *pid_file, int pid)
{
- FILE *pidfile = fopen(pid_file, "w");
+ FILE *pidfile = NULL;
+ int pidfd = creat(pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ if (pidfd != -1) pidfile = fdopen(pidfd, "w");
if (!pidfile) {
log_message(LOG_INFO, "pidfile_write : Can not open %s pidfile",
--
1.7.5.1
distrib
>
Mageia
>
1
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
1acb355d0afb33f90c0156ed53a88d83
>
files
>
1
