[21438] in bugtraq
Re: Tripwire temporary files
daemon@ATHENA.MIT.EDU (Paul Starzetz)
Tue Jul 10 10:49:20 2001
Message-ID: <3B4AC732.1EE59E6E@starzetz.de>
Date: Tue, 10 Jul 2001 11:13:22 +0200
From: Paul Starzetz <paul@starzetz.de>
MIME-Version: 1.0
To: Jarno Huuskonen <Jarno.Huuskonen@uku.fi>,
"bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Jarno Huuskonen wrote:
> I found out about the problem when I noticed a temporary file
> /tmp/twtempa19212 left in /tmp. Out of curiosity I ran the tripwire
> binary with strace and noticed that temporary files in /tmp are opened
> without the O_EXCL flag.
Here a strace from tripwire 1.2 (Source RPM: tripwire-1.2-223.src.rpm):
open("/tmp/twznG1Eud", O_RDWR|O_CREAT|O_TRUNC, 0666) = 4
open("/tmp/twzd9tWqg", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
open("/tmp/twzzykpkj", O_RDWR|O_CREAT, 0600) = 4
nowhere the current pid is used - instead a 6 byte template appears,
which is not really predictable (at least shouldn't be!).
Ihq.
