CVE-2011-1784: Debian World Writable PID files
Some time ago, ‘helpermn’ reported some world writable files to the debian-security mailing list. More specifically, the following.
/var/run/checkers.pid /var/run/vrrp.pid /var/run/keepalived.pid /var/run/starter.pid /var/lock/subsys/ipsec
Although this is a very common bug that is fixed by simply updating the equivalent inititialization scripts for each daemon, it opens up a nice security hole. As Henrique de Moraes Holschu (aka hmh) quickly pointed out, due to this bug, any user could replace the PID files and consuquently force the equivalent daemon of each file to send signals to arbitrary processes.
Even though it is not a low level vulnerability it is definately interesting.