From cae5915c476c9a2a7e1d2174a1b036ee027365c6 Mon Sep 17 00:00:00 2001
From: Bodine Wilson
Date: Sun, 13 Sep 2015 10:51:39 -0400
Subject: [PATCH] Fixed a typo and mitigated a symlink attack for a corner case involving PID file creation.

---
 CONTRIBUTORS | 1 +
 lynis | 40 +++++++++++++++++++++++-----------------
 2 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index 1a1e7a13..53b83795 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -24,6 +24,7 @@
 ------------------------------------------
 Alexander Lobodzinski
+ Bodine Wilson
 Brian Ginsbach
 C.J. Adams-Collier, US
 Charlie Heselton, US
diff --git a/lynis b/lynis
index 1266b9dd..8d3d44b5 100755
--- a/lynis
+++ b/lynis
@@ -290,8 +290,22 @@
 #
 #################################################################################
 #
- # Check if there is already a PID file (incorrect termination of previous instance)
- if [ -f lynis.pid -o -f /var/run/lynis.pid ]; then
+
+ # Decide where to write our PID file. For unprivileged users this will be in their home directory, or /tmp if their
+ # home directory isn't set. For root it will be /var/run, or the current workign directory if /var/run doesn't exist.
+ MYHOMEDIR=`echo ~`
+ if [ "${MYHOMEDIR}" = "" ]; then MYHOMEDIR="/tmp"; fi
+
+ if [ ${PRIVILEGED} -eq 0 ]; then
+ PIDFILE="${MYHOMEDIR}/lynis.pid"
+ elif [ -d /var/run ]; then
+ PIDFILE="/var/run/lynis.pid"
+ else
+ PIDFILE="./lynis.pid"
+ fi
+
+ # Check if there is already a PID file in any of the locations (incorrect termination of previous instance)
+ if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then
 echo ""
 echo " ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}"
 echo " ------------------------------------------------------------------------------"
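Review bot: The fallback locations picked by the new PIDFILE selection in the lynis hunk — `/tmp` when the home directory comes back empty, and `./lynis.pid` for root when /var/run is absent — are directories other users can typically write to, so a symlink placed there by another user is exactly the case the later creation code can only narrow, not close; the unprivileged fallback should be a private directory from `mktemp -d` rather than a fixed name in /tmp, and root should refuse rather than fall back to the current working directory. The added comment has a typo, `workign` → `working`. The `-o` operator in the new `[ -f ... -o -f ... -o -f ... ]` test is obsolescent in POSIX and a `test` with more than four arguments is unspecified; split it into `[ -f "${MYHOMEDIR}/lynis.pid" ] || [ -f "./lynis.pid" ] || [ -f "/var/run/lynis.pid" ]`. `${PRIVILEGED}` is unquoted in the `-eq` test, which turns an empty value into a syntax error instead of a false branch; write `if [ "${PRIVILEGED}" -eq 0 ]; then`. The enclosing block continues outside this hunk.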
@@ -305,26 +319,18 @@
 echo " ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL}"
 echo ""
 wait_for_keypress
- # Deleting temporary files
+ # Deleting any stale PID files that might exist.
 # Note: Display function does not work yet at this point
- if [ -f lynis.pid ]; then rm -f lynis.pid; fi
- if [ -f /var/run/lynis.pid ]; then rm -f /var/run/lynis.pid; fi
+ if [ -f "${MYHOMEDIR}/lynis.pid" ]; then rm -f "${MYHOMEDIR}/lynis.pid"; fi
+ if [ -f "./lynis.pid" ]; then rm -f "./lynis.pid"; fi
+ if [ -f "/var/run/lynis.pid" ]; then rm -f "/var/run/lynis.pid"; fi
 fi
- # Create new PID file (use work directory if /var/run is not available)
- if [ ${PRIVILEGED} -eq 0 ]; then
- # Store it in home directory of user
- MYHOMEDIR=`echo ~`
- if [ "${MYHOMEDIR}" = "" ]; then HOMEDIR="/tmp"; fi
- PIDFILE="${MYHOMEDIR}/lynis.pid"
- elif [ -d /var/run ]; then
- PIDFILE="/var/run/lynis.pid"
- else
- PIDFILE="lynis.pid"
- fi
+ # Create new PID file writable only by owner. Decrease the window for symlink attacks.
+ (umask 077; rm -f ${PIDFILE} ; touch ${PIDFILE})
 OURPID=`echo $$`
 echo ${OURPID} > ${PIDFILE}
- chmod 600 ${PIDFILE}
+
 #
 #################################################################################
 #
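Review bot: The new `(umask 077; rm -f ${PIDFILE} ; touch ${PIDFILE})` line still leaves two windows — between `rm` and `touch`, and between `touch` and the following `echo ${OURPID} > ${PIDFILE}` — in which a symlink dropped into the directory is followed by both `touch` and the redirection, so the target is created or truncated with the script's privileges; the comment's "decrease the window" is accurate, but the window can be closed rather than narrowed. Creating the file with the shell's noclobber option makes the redirection fail instead of following a link placed after the `rm` (bash and dash open with O_EXCL under `set -C`, to my knowledge; confirm for the shells Lynis targets), and the failure should abort rather than continue with an unknown file: `rm -f "${PIDFILE}"` then `(umask 077; set -C; echo "$$" > "${PIDFILE}") || { echo "Could not create PID file ${PIDFILE}" >&2; exit 1; }`, dropping the separate `touch` and `OURPID` steps. Every `${PIDFILE}` expansion in the added lines is unquoted; quote them, since the home-directory path is user-controlled. Note also that `rm -f "/var/run/lynis.pid"` in the stale-file cleanup runs for unprivileged users too and silently fails there, so the stale-file warning will repeat on every run in that case; limit the cleanup to the location this user actually writes. The enclosing block starts before this hunk.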