Stunnel.org  
Patch info for pid_bri

Creator: Brian Hatch
Patch to Version: 3.8
Type: security/new feature
Patch: pid_bri.patch
Status: Incorporated into stunnel-3.8p1 and later
Description: Fix how stunnel handles pid creation/deletion and fix fopen() insecurity

Author Comments



Firstly, this patch fixes a bug whereby a malicious user could
create a symlink in the Stunnel pid directory pointing to a
file that is writable by the user invoking Stunnel, thus
truncating and overwriting the file.   This could lead to
data destruction.


The second purpose of this patch is to allow you to specify
where and if a pid file should be created.  A new flag, '-P'
is added to stunnel that works as follows:

	-P /path/to/pid/dir/
		Create the pid file in the directory named.
		Note that you *MUST* specify a trailing
		slash for this method.

	-P /path/to/pid/file.pid
		Create the pid file with the filename
		specified (no trailing slash)

	-P none
		Don't create a pid file at all.


Changes:
	stunnel will now require that it can create the
	pid file.  If it cannot, it will stop.  Thus users
	may need to start using the '-P none' option.
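
The symlink problem and the three -P forms described in the comments above, shown as an added example that is not the patch's code or part of the original page: fopen() in write mode follows a symlink and truncates its target, while open() with O_CREAT|O_EXCL refuses any name that already exists. The function names and the file name stunnel.pid are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Map a -P argument to a pid file path: "none" means no pid file, a trailing
 * slash names a directory (file name appended), anything else is the path.
 * Returns 0 for "none", 1 when `out` holds a path, -1 on error. */
int resolve_pid_path(const char *arg, char *out, size_t outlen)
{
    size_t n = strlen(arg);
    if (strcmp(arg, "none") == 0)
        return 0;
    if (n == 0)
        return -1;
    int w = snprintf(out, outlen, "%s%s", arg, arg[n - 1] == '/' ? "stunnel.pid" : "");
    return (w < 0 || (size_t)w >= outlen) ? -1 : 1;
}

/* Used instead of fopen(path, "w"), which follows a symlink at `path` and
 * truncates its target. With O_CREAT|O_EXCL, open() fails with EEXIST when
 * the name already exists, a symlink included, so nothing is overwritten. */
int create_pid_file(const char *path, pid_t pid)
{
    char buf[32];
    int len, fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;      /* caller stops instead of running without a pid file */
    len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (write(fd, buf, (size_t)len) != (ssize_t)len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

int main(int argc, char **argv)
{
    char path[4096];
    int r = resolve_pid_path(argc > 1 ? argv[1] : "none", path, sizeof path);
    if (r < 0 || (r == 1 && create_pid_file(path, getpid()) != 0)) {
        fprintf(stderr, "cannot create pid file\n");
        return 1;
    }
    return 0;
}
```

A stale pid file left by an earlier run also makes create_pid_file() fail; this example leaves that cleanup to the caller.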






This website makes patches available for use by the Internet community. However, it does not endorse any of the patches contained herein. They could work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.