Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

.lsof_dev_cache

From: de5 () sws5 CTD ORNL GOV (Dave Sill)
Date: Fri, 25 Aug 1995 08:00:45 -0400

»This file appears to hold pointers into device files, memory maps, etc.
»which lsof reads the next time around.  It could be very dangerous since
»lsof normally runs as root.  Please tell me I'm wrong and it's not a hazard.


From the lsof man page:


     The device cache file is stored by default in /tmp with read and write
     permission for owner, group, and user, so any lsof call can access or
     rebuild it.  (You can change the device cache file path with the
     optional path suffix of the b, r, and u functions.)

     Lsof can detect that the file has been accidentally or maliciously modi-
     fied by several sanity checks, including a sixteen bit Cyclic Redundancy
     Check (CRC) sum of the file's contents.  When lsof senses something
     wrong with the file, it will attempt to remove the current one and
     create a new copy.

The only risk I see is that someone could edit out certain
devices. The "-D i" option tells lsof to ignore the cache completely.

-Dave
Previous By Date Next
Previous By Thread Next

Current thread: