The sshd.pid under /var/run has the permission of 666, which we think is a security bug. We can see that:

# ps -ef |grep sshd
root 9341 1 0 Jan 25 ? 0:02 /opt/ssh/sbin/sshd
root 640 482 0 10:17:10 pts/ta 0:00 grep sshd
# kill 9341
# umask
022
# umask 00
# /opt/ssh/sbin/sshd
# ll /var/run/sshd.pid
-rw-rw-rw- 1 root sys 4 Jan 28 10:17 sshd.pid

So we changed the openssh source code like this; please see the attachment.

Created attachment 1448 [details] set umask for PidFile

The other thing you can do to mitigate this is to set your umask to something other than "0".
Created attachment 1449 [details] for fixing the permission of sshd.pid in the source code
This is a patch made by us, and we have tested it on all the HP-UX platforms for 11.11, 11.23 and 11.31; it's OK. We just change the permission of the pid file to 644. What do you think of the patch?

(In reply to comment #2)
> Created an attachment (id=1449) [details]
> for fixing the permission of sshd.pid in the source code
Comment on attachment 1449 [details] for fixing the permission of sshd.pid in the source code > fprintf(f, "%ld\n", (long) getpid()); > fclose(f); >+ if (chmod(options.pid_file,0644) == -1) >+ logit("chmod pid file failed"); This is not the best way to handle this as it's racy (ie there's a period between the write and the chmod where the content of the file could be changed).
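Review bot: the added chmod() runs after fclose(f) and works on the path options.pid_file, so the file exists with whatever mode the inherited umask produced for the whole time the PID is being written, and the path is resolved a second time after the stream is closed. Fix the mode before the write instead, either on the open stream (for example fchmod(fileno(f), 0644) ahead of the fprintf) or by tightening the umask before the file is created. The logit("chmod pid file failed") message would also be easier to act on if it included options.pid_file and strerror(errno).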
Created attachment 1522 [details] Ensure sshd's umask disallows at least group and world write.

This patch has been applied and will be in the next (5.1) release. Thanks.
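One way to implement the idea named in this attachment, added here as an example and not the code of the applied patch: the process umask is given a floor that always masks group and world write, and the PID file's mode is fixed on the descriptor before anything is written. The function names and the file path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Force group/world write off in the process umask, whatever was inherited.
 * Returns the umask now in effect. */
mode_t enforce_umask_floor(void)
{
    mode_t new_umask = umask(0077) | 0022; /* umask() returns the old mask */
    (void)umask(new_umask);
    return new_umask;
}

/* Write a PID file that is never writable by group or others: the mode is
 * given at creation (open + O_CREAT) and pinned with fchmod() on the
 * descriptor, before the write, in case the file already existed with a
 * looser mode. Returns the resulting permission bits, or -1 on error. */
int write_pid_file(const char *path, long pid)
{
    struct stat st;
    FILE *f;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);

    if (fd == -1)
        return -1;
    if (fchmod(fd, 0644) == -1 || (f = fdopen(fd, "w")) == NULL) {
        close(fd);
        return -1;
    }
    fprintf(f, "%ld\n", pid);
    if (fflush(f) != 0 || fstat(fileno(f), &st) == -1) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    const char *path = "./example-sshd.pid"; /* hypothetical path */
    umask(0);                                /* the report's "umask 00" */
    printf("umask now %03o\n", (unsigned)enforce_umask_floor());
    printf("pid file mode %03o\n", (unsigned)write_pid_file(path, (long)getpid()));
    return unlink(path) == 0 ? 0 : 1;
}
```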
Mass update RESOLVED->CLOSED after release of openssh-5.1