Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10

der Mouse (mouse@Collatz.McRCIM.McGill.EDU)
Thu, 24 Aug 1995 19:56:17 -0400

> After running lsof (the security program identified by the CERT that
> lists open files) I found the following file:

> -rw-rw-rw-  1 root           8025 Aug 24 04:10 /tmp/.lsof_dev_cache

> This file appears to hold pointers into device files, memory maps,
> etc. which lsof reads the next time around.  It could be very
> dangerous since lsof normally runs as root.  Please tell me I'm wrong
> and it's not a hazard.

The lsof docs talk about this file (you _did_ read them, didn't you?).
In particular, go reread questions 3.2 and 4.2 in the 00FAQ file, and
search for "lsof_dev" in the 00README file....

I am less confident than Victor Abell is that this isn't a security
hazard.  However, I have never investigated in enough detail to make
any confident pronouncements either way.  If you're paranoid, you can
use -Di to make it ignore the cache, -Du/some/other/path to make it put
it somewhere else, or frob the source....

                                        der Mouse

                            mouse@collatz.mcrcim.mcgill.edu
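
The concern in the quoted message, as an added example that is not part of the original post and is not lsof's own code: a check a privileged program could apply before reading a cache file that lives in a shared directory such as /tmp. The function name cache_trust_check and the verdict names are hypothetical; the expected owner is passed in as an assumption about who should have written the cache.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Verdict names are hypothetical, chosen for this example. */
enum cache_verdict {
    CACHE_OK = 0,
    CACHE_MISSING,      /* cannot open: absent, or a symlink (O_NOFOLLOW) */
    CACHE_NOT_REGULAR,  /* device, FIFO, directory, ... */
    CACHE_WRONG_OWNER,  /* owned by someone other than the expected uid */
    CACHE_WRITABLE,     /* group- or world-writable, e.g. -rw-rw-rw- */
    CACHE_MULTILINK     /* reachable under another name via a hard link */
};

/* Hypothetical helper: may a process trust the cache at `path`,
 * assuming it should have been written only by `owner`? */
enum cache_verdict cache_trust_check(const char *path, uid_t owner)
{
    struct stat sb;
    enum cache_verdict v = CACHE_OK;
    /* O_NOFOLLOW refuses a symlink as the last path component;
     * O_NONBLOCK keeps open() from hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd < 0)
        return CACHE_MISSING;
    /* fstat() the descriptor, not the path, so the object that was
     * checked is the object that would be read. */
    if (fstat(fd, &sb) != 0)                        v = CACHE_MISSING;
    else if (!S_ISREG(sb.st_mode))                  v = CACHE_NOT_REGULAR;
    else if (sb.st_uid != owner)                    v = CACHE_WRONG_OWNER;
    else if (sb.st_mode & (S_IWGRP | S_IWOTH))      v = CACHE_WRITABLE;
    else if (sb.st_nlink != 1)                      v = CACHE_MULTILINK;
    close(fd);
    return v;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/tmp/.lsof_dev_cache";
    enum cache_verdict v = cache_trust_check(path, geteuid());

    printf("%s: %s\n", path, v == CACHE_OK ? "acceptable" : "do not trust");
    return v == CACHE_OK ? 0 : 1;
}
```

A file with the mode shown in the quoted listing (-rw-rw-rw-) yields CACHE_WRITABLE, the case in which ignoring the cache (-Di) or relocating it (-Du) applies.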