Bugtraq mailing list archives

Re: Tripwire temporary files

From: Paul Starzetz <paul () starzetz de>
Date: Tue, 10 Jul 2001 11:13:22 +0200

Jarno Huuskonen wrote:

 I found out about the problem when I noticed a temporary file
 /tmp/twtempa19212 left in /tmp. Out of curiosity I ran the tripwire
 binary with strace and noticed that temporary files in /tmp are opened
 without the O_EXCL flag.


Here a strace from tripwire 1.2 (Source RPM: tripwire-1.2-223.src.rpm):

open("/tmp/twznG1Eud", O_RDWR|O_CREAT|O_TRUNC, 0666) = 4
open("/tmp/twzd9tWqg", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
open("/tmp/twzzykpkj", O_RDWR|O_CREAT, 0600) = 4

nowhere the current pid is used - instead a 6 byte template appears,
which is not really predictable (at least shouldn't be!).

Ihq.

Current thread:

Tripwire temporary files Jarno Huuskonen (Jul 09)
- Re: Tripwire temporary files Charles Stevenson (Jul 10)
  - Re: Tripwire temporary files Cy Schubert - ITSD Open Systems Group (Jul 15)
    - Re: Tripwire temporary files Jarno Huuskonen (Jul 15)
    - Re: Tripwire temporary files Cy Schubert - ITSD Open Systems Group (Jul 16)
- Re: Tripwire temporary files Paul Starzetz (Jul 10)
  - Re: Tripwire temporary files Jarno Huuskonen (Jul 10)