amavis-mc creates its PID file after dropping privileges

Michael Orlitzky michael at
Mon Nov 6 01:07:01 CET 2017

On 09/14/2017 10:52 AM, Michael Orlitzky wrote:
> I noticed that the amavis-mc daemon creates its PID file after dropping
> privileges:
>
>   if (defined $daemon_user) {
>     drop_priv($daemon_user,$daemon_group);
>   }
>   if (defined $pid_file && $pid_file ne '') {
>     my $pid_file_fh = IO::File->new;
>     $pid_file_fh->open($pid_file, O_CREAT|O_WRONLY, 0640)
>     ...
>
> This is in contrast to the main amavisd-new daemon and amavis-snmp which
> create their PID files as root, before dropping privileges.
>
> Is this intentional in amavis-mc? I ask because it makes things a bit
> hairy for init script writers. When stopping amavis-mc, most init
> systems will send a SIGTERM as root to the contents of the PID file. If
> the PID file is owned by an unprivileged user, he may be able to exploit
> that fact to kill off root processes.

Ping. I'm wondering if I should get a CVE for this and inform the
distros that ship an init script, or if for some reason the risk does
not exist in this case.
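
An init-script-side check for the risk raised in this thread, as an added example that is not part of the original post or of amavis: before signalling, it refuses a PID file that is not owned by the trusted user (root in a real init script), is group- or world-writable, is a symlink, or does not hold a single PID. The function names, the `TRUSTED_UID` parameter and the path in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not amavis code. TRUSTED_UID is 0 (root) in a real init
# script; it is a parameter so the checks can be exercised unprivileged.

# trusted_path PATH TRUSTED_UID: succeed only if PATH is owned by
# TRUSTED_UID and is not writable by group or other.
trusted_path() {
    info=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    uid=$(printf '%s\n' "$info" | awk '{ print $3 }')
    mode=$(printf '%s\n' "$info" | awk '{ print $1 }')
    [ "$uid" = "$2" ] || return 1
    case "$mode" in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# safe_pid PIDFILE TRUSTED_UID: print the PID only if nobody but
# TRUSTED_UID could have written the file or replaced it in its directory.
safe_pid() {
    pidfile=$1
    trusted=$2
    # Must be a regular file, not a symlink pointing somewhere else.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1
    trusted_path "$pidfile" "$trusted" || return 1
    trusted_path "$(dirname "$pidfile")" "$trusted" || return 1
    pid=$(cat -- "$pidfile") || return 1
    # Exactly one decimal number, and never PID 0 or 1.
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || return 1
    printf '%s\n' "$pid"
}

# Usage in a stop action (constructed path):
#   pid=$(safe_pid /run/amavis/amavis-mc.pid 0) && kill -TERM "$pid"
```

This narrows what an init script will signal but does not close the window between the check and the `kill`. Creating the PID file before dropping privileges, as the thread says the main amavisd-new daemon does, avoids the problem at its source.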
