Site Navigation

Date:      Sun, 11 Mar 2001 17:47:58 +1300
From:      "Dan Langille" <dan@langille.org>
To:        Pete Fritchman <petef@databits.net>
Cc:        security@freebsd.org
Subject:   Re: temp files for security/logcheck
Message-ID:  <200103110447.f2B4lww04741@ns1.unixathome.org>
In-Reply-To: <20010310234519.A68252@databits.net>
References:  <200103110435.f2B4ZHw04676@ns1.unixathome.org>; from dan@langille.org on Sun, Mar 11, 2001 at 05:35:16PM %2B1300

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

AFAIK, the files disappear each time the script is run:

umask 077
rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ 
$TMPDIR/checkreport.$$
if [ -f $TMPDIR/check.$$ -o -f $TMPDIR/checkoutput.$$ -o -f 
$TMPDIR/checkreport.$$ ]; then
        echo "Log files exist in $TMPDIR directory that cannot be 
removed. This
may be an attempt to spoof the log checker." \
        | $MAIL -s "$HOSTNAME $DATE ACTIVE SYSTEM ATTACK!" 
$SYSADMIN     
        exit 1
fi

On 10 Mar 2001, at 23:45, Pete Fritchman wrote:

> It seems logical that the port should just use ${TMPDIR}/.logcheck/ or 
> something of that nature.  Does it need to be there permenately?  Or can
> it just be created/deleted when the program is started/stopped?  I saw 
> the thread on -ports earlier but didn't get a chance to respond.
> 
> -pete
> 
> ++ 11/03/01 17:35 +1300 - Dan Langille:
> >The port security/logcheck creates /usr/local/etc/tmp[1] and chmod's it 
> >to  700.  It does that because the temp files it creates and uses need to 
> >be relativly secure.  It writes out several files that could cause problems 
> >if a user made links, etc.
> >
> >Does anyone see any issues which we need to deal with?  e.g. the 
> >security of this directory, the name of this directory...
> >
> >[1] - Prior to a recent port change, it used /usr/local/etc/tmp
> >
> >-- 
> >Dan Langille
> >pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php
> >got any work?  I'm looking for some.
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
> --
> Pete Fritchman <petef@databits.net>
> Databits Network Services, Inc. <http://databits.net>;
> finger petef@databits.net for PGP key
> 
> 



-- 
Dan Langille
pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php
got any work?  I'm looking for some.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103110447.f2B4lww04741>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact