|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10
Darren Reed (avalon
coombs.anu.edu.au)Fri, 25 Aug 1995 23:17:17 +1000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Mark Thomas: "[8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
- Previous message: Scott Barman: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache"
- In reply to: Dr. Frederick B. Cohen: "-rw-rw-rw- 1 root 8025 Aug 24 04:10"
- Next in thread: Dave Roberts: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10"
In some mail from Dr. Frederick B. Cohen, sie said:
>
> Joy of joys.
>
> After running lsof (the security program identified by the CERT that
> lists open file) I found the following file:
>
> -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache
>
> This file appears to hold pointers into device files, memory maps, etc.
> which lsof reads the next time around. It could be very dangerous since
> lsof normally runs as root. Please tell me I'm wrong and it's not a hazard.
Having examined it today, it seems to be installed setgid-kmem (or something
which can read /dev/kmem) in all cases but one.
The threat is it:
(a) doesn't use O_EXCL to open the file
(b) uses chown instead of fchown
But
(c) it must be run by root for there to be a problem.
People designing setuid-root programs or programs in general which perform
priviledged operations and need temporary files should consider using a
non-public access directory as the temp. file location.
darren
- Next message: Mark Thomas: "[8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
- Previous message: Scott Barman: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache"
- In reply to: Dr. Frederick B. Cohen: "-rw-rw-rw- 1 root 8025 Aug 24 04:10"
- Next in thread: Dave Roberts: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10"