[2160] in bugtraq
.lsof_dev_cache
daemon@ATHENA.MIT.EDU (Dave Sill)
Tue Aug 29 00:38:41 1995
Date: Fri, 25 Aug 1995 08:00:45 -0400
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Dave Sill <de5@sws5.CTD.ORNL.GOV>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <9508241734.AA16279@all.net>
;This file appears to hold pointers into device files, memory maps, etc.
;which lsof reads the next time around. It could be very dangerous since
;lsof normally runs as root. Please tell me I'm wrong and it's not a hazard.
From the lsof man page:
The device cache file is stored by default in /tmp with read and write
permission for owner, group, and user, so any lsof call can access or
rebuild it. (You can change the device cache file path with the
optional path suffix of the b, r, and u functions.)
Lsof can detect that the file has been accidentally or maliciously modified
by several sanity checks, including a sixteen bit Cyclic Redundancy
Check (CRC) sum of the file's contents. When lsof senses something
wrong with the file, it will attempt to remove the current one and
create a new copy.
The only risk I see is that someone could edit out certain
devices. The "-D i" option tells lsof to ignore the cache completely.
-Dave
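
The man page excerpt above puts the cache in /tmp with read and write permission for everyone. As an added example (not part of the original post and not lsof's own code), here is a check an administrator could run on the cache path before a root-run lsof uses it; the function name `cache_file_problems`, the trusted uid argument and the sample file contents are assumptions made for illustration.

```python
import os
import stat
import tempfile

def cache_file_problems(path, trusted_uid):
    """Return reasons not to trust the device cache at `path` (empty list = OK)."""
    # O_NOFOLLOW refuses a symlink planted at the path; O_NONBLOCK avoids
    # hanging if someone left a FIFO there instead of a file.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        return [f"cannot open safely: {exc.strerror}"]
    try:
        st = os.fstat(fd)  # stat the opened object, not the name
    finally:
        os.close(fd)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != trusted_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or other")
    if st.st_nlink != 1:
        problems.append(f"{st.st_nlink} hard links")
    return problems

def demo():
    """Run the check on constructed files: mode 0666, mode 0600, and a symlink."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".lsof_dev_cache")
        with open(path, "w") as f:
            f.write("constructed placeholder contents\n")
        os.chmod(path, 0o666)  # the default permissions the man page describes
        loose = cache_file_problems(path, os.getuid())
        os.chmod(path, 0o600)
        tight = cache_file_problems(path, os.getuid())
        link = os.path.join(d, "link")
        os.symlink(path, link)
        linked = cache_file_problems(link, os.getuid())
    return loose, tight, linked

if __name__ == "__main__":
    for label, result in zip(("0666", "0600", "symlink"), demo()):
        print(label, result or "ok")
```

When the check reports a problem, the "-D i" option mentioned in the post makes lsof ignore the cache.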