Bugtraq mailing list archives
Re: /tmp event logger
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Sun, 15 Mar 1998 11:06:30 -0700
Due to excessive amount of /tmp races reported last months, here's /tmp event logger. This simple and small program logs file activity in given directory, giving clear, reusable, space-saving format (including operation, filename, uid/gid, file type, permissions, current time). It's very useful when you're looking for possible vunerabilities, or trying to trace attacks.
Many of you have source to the operating systems and tools you run. I like to make a strong recommendation for source-level audits as the best way to find these problems. And while you are there you can fix them too, and then tell the maintainers of the packages; not just For instance, all programs compiled with GNU f77 have 2 mktemp races. It's in the source. I just contacted the maintainer of the package; he didn't appear to have any idea what a /tmp race is. This is going to be extremely common. So those who care about this issue should start auditing code, and then telling the authors of these systems that such problems are unacceptable. Try to give them patches. Push hard to get these things fixed.
Current thread:
- Possible Bug in CDE on HP-UX, (continued)
- Possible Bug in CDE on HP-UX gareth greenaway (Mar 09)
- Re: Possible Bug in CDE on HP-UX Jeremy Brinkley (Mar 10)
- Re: the purpose of dynamic memory allocation David LeBlanc (Mar 10)
- Re: the purpose of dynamic memory allocation Jeffrey Hutzelman (Mar 10)
- Re: the purpose of dynamic memory allocation Alan Cox (Mar 11)
- DoS (and possibly more) on MDaemon for NT/95 Alvaro Martinez Echevarria (Mar 10)
- MDaemon SMTP Server Buffer Overflow's Aleph One (Mar 10)
- Security problem in Slackware. Suman_Saraf (Mar 11)
- Re: Security problem in Slackware. Peter van Dijk (Mar 13)
- /tmp event logger Michal Zalewski (Mar 14)
- Re: /tmp event logger Theo de Raadt (Mar 15)
- Possible Bug in CDE on HP-UX gareth greenaway (Mar 09)
- Vunerable shell scripts Michal Zalewski (Mar 14)
- More broadcast fun T. Freak (Mar 14)
- Midnight Commander /tmp race Michal Zalewski (Mar 15)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 17)
- Re: Midnight Commander /tmp race willy () SNOWYOWL CSU AC RU (Mar 17)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 18)
- Solaris printd security vulnerability Aleph One (Mar 11)
- Sun Security Bulletin #00165 Aleph One (Mar 11)
- Fwd: Sun Security Bulletin #00166 Tony Hagale (Mar 11)
- SLMail 2.6 DoS Steven (Mar 11)