Home page logo

bugtraq logo Bugtraq mailing list archives

Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 24 Aug 1995 19:56:17 -0400

After running lsof (the security program identified by the CERT that
lists open file) I found the following file:

-rw-rw-rw-  1 root           8025 Aug 24 04:10 /tmp/.lsof_dev_cache

This file appears to hold pointers into device files, memory maps,
etc. which lsof reads the next time around.  It could be very
dangerous since lsof normally runs as root.  Please tell me I'm wrong
and it's not a hazard.

The lsof docs talk about this file (you _did_ read them, didn't you?).
In particular, go reread questions 3.2 and 4.2 in the 00FAQ file, and
search for "lsof_dev" in the 00README file....

I am less confident than Victor Abell is that this isn't a security
hazard.  However, I have never investigated in enough detail to make
any confident pronouncements either way.  If you're paranoid, you can
use -Di to make it ignore the cache, -Du/some/other/path to make it put
it somewhere else, or frob the source....

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]