Date: Sun, 11 Mar 2001 17:47:58 +1300 From: "Dan Langille" <dan@langille.org> To: Pete Fritchman <petef@databits.net> Cc: security@freebsd.org Subject: Re: temp files for security/logcheck Message-ID: <200103110447.f2B4lww04741@ns1.unixathome.org> In-Reply-To: <20010310234519.A68252@databits.net> References: <200103110435.f2B4ZHw04676@ns1.unixathome.org>; from dan@langille.org on Sun, Mar 11, 2001 at 05:35:16PM %2B1300
next in thread | previous in thread | raw e-mail | index | archive | help
AFAIK, the files disappear each time the script is run: umask 077 rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$ if [ -f $TMPDIR/check.$$ -o -f $TMPDIR/checkoutput.$$ -o -f $TMPDIR/checkreport.$$ ]; then echo "Log files exist in $TMPDIR directory that cannot be removed. This may be an attempt to spoof the log checker." \ | $MAIL -s "$HOSTNAME $DATE ACTIVE SYSTEM ATTACK!" $SYSADMIN exit 1 fi On 10 Mar 2001, at 23:45, Pete Fritchman wrote: > It seems logical that the port should just use ${TMPDIR}/.logcheck/ or > something of that nature. Does it need to be there permenately? Or can > it just be created/deleted when the program is started/stopped? I saw > the thread on -ports earlier but didn't get a chance to respond. > > -pete > > ++ 11/03/01 17:35 +1300 - Dan Langille: > >The port security/logcheck creates /usr/local/etc/tmp[1] and chmod's it > >to 700. It does that because the temp files it creates and uses need to > >be relativly secure. It writes out several files that could cause problems > >if a user made links, etc. > > > >Does anyone see any issues which we need to deal with? e.g. the > >security of this directory, the name of this directory... > > > >[1] - Prior to a recent port change, it used /usr/local/etc/tmp > > > >-- > >Dan Langille > >pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php > >got any work? I'm looking for some. > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > -- > Pete Fritchman <petef@databits.net> > Databits Network Services, Inc. <http://databits.net> > finger petef@databits.net for PGP key > > -- Dan Langille pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php got any work? I'm looking for some. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103110447.f2B4lww04741>