From 78aac2699469d610b5aa2f45dac4a30bd379938a Mon Sep 17 00:00:00 2001 From: Vincent Bernat <bernat@luffy.cx> Date: Tue, 10 May 2011 21:17:22 +0200 Subject: [PATCH] Set correct rights on PID file. This file was writable by anybody, leading to the possibility of writing any PID an waiting for some admin to restart keepalived to kill the process of your choice. --- keepalived/core/pidfile.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/keepalived/core/pidfile.c b/keepalived/core/pidfile.c index 383912e..0c3ea33 100644 --- a/keepalived/core/pidfile.c +++ b/keepalived/core/pidfile.c @@ -20,6 +20,9 @@ * Copyright (C) 2001-2011 Alexandre Cassen, <acassen@linux-vs.org> */ +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> #include "logger.h" #include "pidfile.h" extern char *main_pidfile; @@ -30,7 +33,9 @@ extern char *vrrp_pidfile; int pidfile_write(char *pid_file, int pid) { - FILE *pidfile = fopen(pid_file, "w"); + FILE *pidfile = NULL; + int pidfd = creat(pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + if (pidfd != -1) pidfile = fdopen(pidfd, "w"); if (!pidfile) { log_message(LOG_INFO, "pidfile_write : Can not open %s pidfile", -- 1.7.5.1