Bugtraq mailing list archives
Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 24 Aug 1995 19:56:17 -0400
After running lsof (the security program identified by the CERT that lists open file) I found the following file:
-rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache
This file appears to hold pointers into device files, memory maps, etc. which lsof reads the next time around. It could be very dangerous since lsof normally runs as root. Please tell me I'm wrong and it's not a hazard.
The lsof docs talk about this file (you _did_ read them, didn't you?). In particular, go reread questions 3.2 and 4.2 in the 00FAQ file, and search for "lsof_dev" in the 00README file.... I am less confident than Victor Abell is that this isn't a security hazard. However, I have never investigated in enough detail to make any confident pronouncements either way. If you're paranoid, you can use -Di to make it ignore the cache, -Du/some/other/path to make it put it somewhere else, or frob the source.... der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 der Mouse (Aug 24)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 29)