Description
Expected behavior
gvmd should implement a --drop-privileges feature, so that it can be started as root, create a pidfile as root, and then drop privileges to the regular user with administrative rights on the gvm database.
Actual behavior
gvmd doesn't support --drop-privileges.
When started as a regular user, gvmd creates a pidfile in a directory where this user has write permissions (or it fails on startup if the regular user cannot write to that directory) and the file is owned by the same user.
This could lead to security concerns because an attacker could write a different value in the gvmd pidfile and an init system such as OpenRC could stop an arbitrary process while trying to stop gvmd.
GVM versions
gsa: 22.06.0~git
gvm: 22.9.0
openvas-scanner: 22.7.5
gvm-libs: 22.7.1
Environment
Operating system: Linux 6.1.53-gentoo-r1
Installation method / source: source installation
The problem has been reported on the Greenbone forum too: https://forum.greenbone.net/t/gvmd-creates-a-pidfile-not-owned-by-root/15861
More information about why creating a pidfile not owned by root could be a security issue: https://github.com/OpenRC/openrc/blob/master/service-script-guide.md#pid-files-should-be-writable-only-by-root
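
The check a service supervisor can apply before signalling the PID in a pidfile, as an added example that is not part of the original report and is not gvmd or OpenRC code. The function name `read_trusted_pidfile` and its `trusted_uid` parameter are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: return the PID stored in `path` only if the file is a
 * regular file owned by `trusted_uid` (0 in production) that neither group
 * nor others can write. Returns -1 if the file cannot be trusted. */
pid_t read_trusted_pidfile(const char *path, uid_t trusted_uid)
{
    struct stat st;
    char buf[32], *end;
    long pid;
    ssize_t n;
    /* O_NOFOLLOW: refuse a symlink planted in place of the pidfile. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the open fd, not the path, to avoid a check-then-open race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != trusted_uid || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    errno = 0;
    pid = strtol(buf, &end, 10);
    /* Reject garbage, 0, negatives and PID 1: kill() treats 0 and negative
     * values as process groups, and PID 1 is init. */
    if (errno != 0 || end == buf || (*end != '\0' && *end != '\n') ||
        pid <= 1 || (long)(pid_t)pid != pid)
        return -1;
    return (pid_t)pid;
}

int main(int argc, char **argv)
{
    /* Usage: prog /path/to/pidfile (trusts only root-owned pidfiles). */
    pid_t pid = argc > 1 ? read_trusted_pidfile(argv[1], 0) : -1;
    printf("%ld\n", (long)pid);
    return pid > 0 ? 0 : 1;
}
```

The file check alone is not sufficient if the directory holding the pidfile is writable by the unprivileged user, because the file can then be replaced; the directory needs the same root-only write restriction.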