Gvmd creates a pidfile not owned by root #2090

Open
MocioF opened this issue Oct 4, 2023 · 0 comments
Labels
bug Something isn't working

MocioF commented Oct 4, 2023

Expected behavior

gvmd should implement a --drop-privileges feature, so that it can be started as root, create a pidfile as root, and then drop privileges to the regular user with administrative rights on the gvm database.

Actual behavior

gvmd doesn't support --drop-privileges.

When started as a regular user, gvmd creates a pidfile in a directory where this user has write permissions (or it fails on startup if the regular user cannot write to that directory), and the file is owned by the same user.

This could lead to security concerns, because an attacker could write a different value into the gvmd pidfile, and an init system such as OpenRC could stop an arbitrary process while trying to stop gvmd.

GVM versions

gsa: 22.06.0~git
gvm: 22.9.0
openvas-scanner: 22.7.5
gvm-libs: 22.7.1

Environment

Operating system: Linux 6.1.53-gentoo-r1

Installation method / source: source installation

The problem has been reported on the Greenbone forum too: https://forum.greenbone.net/t/gvmd-creates-a-pidfile-not-owned-by-root/15861

More information about why creating a pidfile not owned by root could be a security issue: https://github.com/OpenRC/openrc/blob/master/service-script-guide.md#pid-files-should-be-writable-only-by-root
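As an added example (not gvmd's own code) of the sequence the report asks for: create the pidfile while still root, then drop permanently to the unprivileged service account and verify the drop; `pidfile_is_safe` is the check an init script would make before trusting the file. Function names, the pidfile path and the target uid/gid are assumptions.

```c
/* Added example, not part of gvmd: root-owned pidfile, then privilege drop. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the pidfile (owned by the caller, root when started as root),
 * mode 0644. O_EXCL refuses any pre-existing file or symlink, so a stale
 * pidfile must be removed by the service script first.
 * Returns 0 on success, -1 (with errno set) on failure. */
int write_pidfile(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    int rc = (n > 0 && write(fd, buf, (size_t)n) == n) ? 0 : -1;
    close(fd);
    return rc;
}

/* Permanently drop from root to uid/gid: clear supplementary groups, set
 * gid before uid, then verify, because a silently failed setuid() would
 * leave the daemon running as root. No-op when not started as root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* After a real drop, regaining root must be impossible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return (getuid() == uid && getgid() == gid) ? 0 : -1;
}

/* What an init system should check before acting on the pid inside:
 * a regular file, owned by 'owner', not writable by group or others. */
int pidfile_is_safe(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return st.st_uid == owner && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}
```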

@MocioF MocioF added the bug Something isn't working label Oct 4, 2023