> After running lsof (the security program identified by the CERT that
> lists open files) I found the following file:
>
> -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache
>
> This file appears to hold pointers into device files, memory maps,
> etc. which lsof reads the next time around. It could be very
> dangerous since lsof normally runs as root. Please tell me I'm wrong
> and it's not a hazard.

The lsof docs talk about this file (you _did_ read them, didn't you?). In particular, go reread questions 3.2 and 4.2 in the 00FAQ file, and search for "lsof_dev" in the 00README file....

I am less confident than Victor Abell is that this isn't a security hazard. However, I have never investigated in enough detail to make any confident pronouncements either way.

If you're paranoid, you can use -Di to make it ignore the cache, -Du/some/other/path to make it put it somewhere else, or frob the source....

der Mouse

mouse@collatz.mcrcim.mcgill.edu