The init script for mms-agent gives ownership of the PID file directory to the same user that the daemon runs as:

  start_pre() {
      checkpath -d -m 0750 -o "${user}":"${group}" "${run_dir}"
      cd /opt/mms-monitoring-agent
  }

As a result, the $user can write whatever he wants into the PID file. Later, that may be exploitable: when the service is stopped, root will call "kill" on the contents of that file.

But there's good news: there's no need for the call to "checkpath" above. With command_background=true, OpenRC creates the PID file as root:root, and the checkpath call can be deleted if you store the PID file directly in /run. That is, if you delete the $run_dir variable, and set

  pidfile=/run/${RC_SVCNAME}.pid

Some other minor improvements to consider while you're touching the init script:

1. Update SVCNAME to the more-modern RC_SVCNAME.

2. Use "command_user" for the user/group instead of start_stop_daemon_args.

3. Right now you have

     command="./mongodb-mms-monitoring-agent &>${logfile}"

   in order to save stderr and stdout to $logfile. I believe that you can use the --stderr and --stdout options of start-stop-daemon (through start_stop_daemon_args) to achieve the same thing.
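An added example, not part of the original report or of the package's init script: a shell check for the condition described above, namely a PID file whose directory (or the file itself) is owned or writable by someone other than root. The function name pidfile_parent_trusted and its optional second argument are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit where a service's PID file lives.
# Assumption: GNU coreutils stat (-c FORMAT) is available.
#
# Usage: pidfile_parent_trusted PIDFILE [TRUSTED_UID]
#   Returns 0 when the directory holding PIDFILE is owned by TRUSTED_UID
#   (default 0, i.e. root), is not writable by group or others, and the
#   PID file, if it already exists, is owned by TRUSTED_UID as well.
#   Returns 1 otherwise and explains why on stderr.
pidfile_parent_trusted() {
    ppt_pidfile=$1
    ppt_uid=${2:-0}
    ppt_dir=$(dirname -- "$ppt_pidfile")

    if [ ! -d "$ppt_dir" ]; then
        echo "missing directory: $ppt_dir" >&2
        return 1
    fi

    # -L follows symlinks, so /var/run -> /run is judged by its target.
    ppt_owner=$(stat -L -c '%u' -- "$ppt_dir") || return 1
    ppt_mode=$(stat -L -c '%a' -- "$ppt_dir") || return 1

    if [ "$ppt_owner" != "$ppt_uid" ]; then
        echo "UNSAFE: $ppt_dir is owned by uid $ppt_owner, not $ppt_uid" >&2
        return 1
    fi

    # Octal 022 = group-write and other-write bits.
    if [ $(( 0$ppt_mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $ppt_dir (mode $ppt_mode) is group/other writable" >&2
        return 1
    fi

    if [ -e "$ppt_pidfile" ]; then
        ppt_fowner=$(stat -L -c '%u' -- "$ppt_pidfile") || return 1
        if [ "$ppt_fowner" != "$ppt_uid" ]; then
            echo "UNSAFE: $ppt_pidfile is owned by uid $ppt_fowner" >&2
            return 1
        fi
    fi
    return 0
}
```

The check is deliberately conservative: a world-writable sticky directory such as /tmp is reported as unsafe too.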
Maintainer: Ping.
Ping
Hasn't been touched by maintainer since just before this bug was opened. I guess if no one is there this should be treecleaned. No revdeps, a couple of other bugs open.
masked, due for removal in #769509