COMMAND
socks5
SYSTEMS AFFECTED
Systems running NEC's Socks5 beta-0.17.2
PROBLEM
The following bug is present at *least* in Socks5 beta-0.17.2
from NEC. Other versions haven't been tested, but they are most
likely vulnerable as well.
From the manpage:
SOCKS5_PIDFILE
Identifies the filename that stores the socks5 process ID
when the port is a port other than 1080. When you use port
1080, socks5 stores the PID in /tmp/socks5.pid. When you
run socks5 on a port other than 1080, socks5 stores the PID
in /tmp/socks5.(port).pid unless you specify an alternate
filename with SOCKS5_PIDFILE.
If /tmp/socks5.pid doesn't exist, it is simply a matter of linking
the password file to /tmp/socks5.pid (or whatever it's called on
your system). When socks starts up, it happily overwrites the
file's previous contents with the PID of the new socks server.
Credit goes to Trevor Schroeder.
SOLUTION
Use mktemp to generate a unique temp file name and redirect
socks to that. If the source is available, recompile *without* PID
file support. Create /tmp/socks5.pid (as root) and make sure that
ordinary users can't remove it. Or, better yet, write the
pidfile in a non-sticky directory, such as /var/run (on BSD
systems).
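As an added example (not from the advisory and not NEC's socks5 code), here is how a daemon can write its pidfile without being tricked by a link planted in /tmp, plus a check for the world-writable directory the last fix above warns about. The function names, the 0/-1 return convention and the /tmp/socks5.pid path in main() are assumptions for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if `dir` is not writable by others (like /var/run), 0 if it is
 * a world-writable directory like /tmp, where any user can plant a link. */
int pidfile_dir_ok(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) < 0 || !S_ISDIR(st.st_mode))
        return 0;
    return (st.st_mode & S_IWOTH) == 0;
}

/* Write `pid` to `path`. Returns 0 on success, -1 if the path looks
 * tampered with: a symlink (the advisory's attack), a hard link to another
 * file, not a regular file, or a file owned by someone else. */
int write_pidfile_safe(const char *path, pid_t pid)
{
    /* O_NOFOLLOW makes open() fail on a symlink instead of following it to
     * the password file. No O_TRUNC: truncate only after the checks pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1
        || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (ftruncate(fd, 0) < 0 || write(fd, buf, (size_t)n) != n) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

int main(void)
{
    if (!pidfile_dir_ok("/tmp"))
        fprintf(stderr, "warning: pidfile directory is world-writable\n");
    return write_pidfile_safe("/tmp/socks5.pid", getpid()) == 0 ? 0 : 1;
}
```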