Bugtraq mailing list archives
Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache
From: abe () vic cc purdue edu (Vic Abell)
Date: Thu, 24 Aug 1995 16:45:10 -0500
In message <9508241734.AA16279 () all net> you write:
Joy of joys. After running lsof (the security program identified by the CERT that lists open files) I found the following file:

-rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache

This file appears to hold pointers into device files, memory maps, etc. which lsof reads the next time around. It could be very dangerous since lsof normally runs as root. Please tell me I'm wrong and it's not a hazard.

I forgot to comment on two misconceptions in this last paragraph.

First, lsof does not normally run as root -- whatever that means. If it means setuid root, lsof only needs to run that way under V88 R40V4.x and UnixWare. Everywhere else it can run setgid to the group that can read /dev/kmem.

Second, the file /tmp/.lsof_dev_cache (I call it the device cache file) does not contain any etc. It is strictly a file of information about the nodes in /dev. That's documented in the lsof distribution package.

One other note -- and this appears in the lsof documentation, too -- the writing of the device cache file to /tmp can be disabled when lsof is built or when lsof is run. The penalty is increased startup time. I've encountered a system with over 10,000 nodes in /dev and it takes a lot of work to stat() them all. Many Unix dialects impose an additional time penalty when the object of a stat() call is in /dev or /devices.

So, if you're really worried about this file, my advice (again, documented in the lsof distribution :-) is to build lsof with the device cache feature disabled. Just edit machine.h for your dialect (or dialects) and disable the definition of HASDCACHE.

Vic Abell, lsof author
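
The concern in this thread is a cache file in /tmp that any user can rewrite before a privileged reader trusts it. The sketch below is an added example, not code from lsof or from either poster: it shows the ownership and mode checks such a reader can apply before using a cache file. The names `open_trusted_cache` and `make_sample` and the demo paths are hypothetical, and a POSIX system with `O_NOFOLLOW` is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not lsof code: fd for a trusted cache file, else -1. */
int open_trusted_cache(const char *path, uid_t owner)
{
    struct stat sb;
    /* O_NOFOLLOW: refuse a planted symlink. O_NONBLOCK: don't hang on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Check the opened descriptor, not the path, to avoid a check/use race. */
    if (fstat(fd, &sb) != 0 ||
        !S_ISREG(sb.st_mode) ||               /* regular file only */
        sb.st_uid != owner ||                 /* created by the expected user */
        sb.st_nlink != 1 ||                   /* no extra hard links */
        (sb.st_mode & (S_IWGRP | S_IWOTH))) { /* not group/world-writable */
        close(fd);
        return -1;
    }
    return fd;
}

/* Create a constructed sample file; tmpl is a mkstemp() template. */
int make_sample(char *tmpl, mode_t mode)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

int main(void)
{
    char loose[] = "/tmp/dcache_XXXXXX", tight[] = "/tmp/dcache_XXXXXX";
    if (make_sample(loose, 0666) != 0 || make_sample(tight, 0600) != 0)
        return 1;
    printf("0666 -> fd %d\n", open_trusted_cache(loose, getuid()));
    printf("0600 -> fd %d\n", open_trusted_cache(tight, getuid()));
    unlink(loose); unlink(tight);
    return 0;
}
```

A file with the `-rw-rw-rw-` mode quoted above fails the write-bit check, so a reader using this test would fall back to rebuilding its data from /dev.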