[2159] in bugtraq


Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10

daemon@ATHENA.MIT.EDU (der Mouse)
Tue Aug 29 00:15:41 1995

Date:         Thu, 24 Aug 1995 19:56:17 -0400
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
X-To:         bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>

> After running lsof (the security program identified by the CERT that
> lists open files) I found the following file:

> -rw-rw-rw-  1 root           8025 Aug 24 04:10 /tmp/.lsof_dev_cache

> This file appears to hold pointers into device files, memory maps,
> etc. which lsof reads the next time around.  It could be very
> dangerous since lsof normally runs as root.  Please tell me I'm wrong
> and it's not a hazard.

The lsof docs talk about this file (you _did_ read them, didn't you?).
In particular, go reread questions 3.2 and 4.2 in the 00FAQ file, and
search for "lsof_dev" in the 00README file....

I am less confident than Victor Abell is that this isn't a security
hazard.  However, I have never investigated in enough detail to make
any confident pronouncements either way.  If you're paranoid, you can
use -Di to make it ignore the cache, -Du/some/other/path to make it put
it somewhere else, or frob the source....

                                        der Mouse

                            mouse@collatz.mcrcim.mcgill.edu
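
Added example, not part of the original message and not lsof's own code: one way a privileged reader can decide whether a cache file like the mode 0666 one reported above is safe to trust before parsing it. The function name, the trusted-uid policy and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH

def open_trusted_cache(path, trusted_uids=None):
    """Return (fd, None) if path is safe for a privileged reader, else (None, reason)."""
    if trusted_uids is None:
        trusted_uids = {0, os.geteuid()}  # assumed policy: root or ourselves
    try:
        # O_NOFOLLOW refuses a symlink planted at the cache path;
        # O_NONBLOCK keeps a planted FIFO from hanging the open.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        return None, "cannot open: " + os.strerror(exc.errno)
    # fstat the descriptor, not the path, so the checks apply to the
    # object that will actually be read.
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode):
        reason = "not a regular file"
    elif st.st_uid not in trusted_uids:
        reason = "owned by untrusted uid %d" % st.st_uid
    elif st.st_mode & WRITABLE_BY_OTHERS:
        reason = "writable by group or other (mode %04o)" % stat.S_IMODE(st.st_mode)
    else:
        return fd, None
    os.close(fd)
    return None, reason

def demo():
    """Run the check on constructed files that mimic the reported cache."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("cache_0666", 0o666), ("cache_0600", 0o600)):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed sample contents\n")
            os.chmod(p, mode)
            fd, reason = open_trusted_cache(p)
            results[name] = reason
            if fd is not None:
                os.close(fd)
        link = os.path.join(d, "cache_symlink")
        os.symlink(os.path.join(d, "cache_0600"), link)
        results["cache_symlink"] = open_trusted_cache(link)[1]
    return results

if __name__ == "__main__":
    for name, reason in demo().items():
        print(name, "->", reason or "trusted")
```

The check describes the file only as it is at open time; a cache that was writable by others earlier may already hold altered contents, so a rejected or doubtful cache is best rebuilt rather than repaired.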
