mailing list archives
Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 24 Aug 1995 19:56:17 -0400
After running lsof (the security program identified by the CERT that
lists open file) I found the following file:
-rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache
This file appears to hold pointers into device files, memory maps,
etc. which lsof reads the next time around. It could be very
dangerous since lsof normally runs as root. Please tell me I'm wrong
and it's not a hazard.
The lsof docs talk about this file (you _did_ read them, didn't you?).
In particular, go reread questions 3.2 and 4.2 in the 00FAQ file, and
search for "lsof_dev" in the 00README file....
I am less confident than Victor Abell is that this isn't a security
hazard. However, I have never investigated in enough detail to make
any confident pronouncements either way. If you're paranoid, you can
use -Di to make it ignore the cache, -Du/some/other/path to make it put
it somewhere else, or frob the source....
mouse () collatz mcrcim mcgill edu
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 der Mouse (Aug 24)