Date:      Tue, 11 Jan 2000 00:03:44 +0100
From:      Harold Gutch <logix@foobar.franken.de>
To:        Kris Kennaway <kris@hub.FreeBSD.ORG>, audit@FreeBSD.ORG
Subject:   Re: Simple task
Message-ID:  <20000111000344.C4237@foobar.franken.de>
In-Reply-To: <Pine.BSF.4.21.0001100104190.85117-100000@hub.freebsd.org>; from Kris Kennaway on Mon, Jan 10, 2000 at 01:08:03AM -0800
References:  <Pine.BSF.4.21.0001100104190.85117-100000@hub.freebsd.org>

On Mon, Jan 10, 2000 at 01:08:03AM -0800, Kris Kennaway wrote:
> Here's something simple you guys can do: install
> /usr/ports/security/l0pht-watch and run it constantly for a few days, and
> look at what it picks up. There are lots of insecurely-named tempfiles
> created by FreeBSD utilities and ports, even ones which otherwise create
> the files atomically (using 6 Xs in mkstemp() isn't very secure, since 5
> of those are usually taken up by the PID, which is fairly easy to
> predict).

A thing I changed in the source was in list_utils.c:147, where
the maximum full filename length that is printed is limited to 20
chars.  mutt (at least the version I'm using, which is pretty
outdated, I know :) ) creates a file in /tmp for pretty many
things; l0pht-watch though didn't show the complete filenames
and thus always displayed the _same_ (cut off) filename; the
differences in the names would only occur after the 20th
character.

bye,
  Harold

-- 
Someone should do a study to find out how many human life spans have
been lost waiting for NT to reboot.
              Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc
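The mkstemp() point raised in the quoted message, as an added example that is not part of this thread or of l0pht-watch: it sizes the guessing space a 6-X template leaves when 5 characters come from the PID, and shows the defensive pattern of a longer template plus a check of the created file's mode and owner. It assumes the libc fills X's from a 62-character alphabet, and that FreeBSD's mkstemp replaces every trailing X while glibc replaces only the last six.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define ALPHABET 62   /* assumption: X's are filled from [A-Za-z0-9] */
#define TEMPLATE "/tmp/example.XXXXXXXXXXXXXXXX"   /* 16 X's */

/* Names an attacker must consider for a template with n_x X's of
 * which pid_chars are derived from the (easily predicted) PID. */
double candidate_names(int n_x, int pid_chars)
{
    double space = 1.0;
    for (int i = 0; i < n_x - pid_chars; i++)
        space *= ALPHABET;
    return space;
}

/* Create a private temp file from TEMPLATE (O_CREAT|O_EXCL, so it is
 * atomic), verify it is 0600 and ours, and report how many template
 * characters were actually randomised. FreeBSD's mkstemp fills every
 * trailing X; glibc only the last six, which is why the count matters.
 * Returns the fd (caller closes and unlinks path) or -1. */
int make_private_tempfile(char *path, size_t pathlen, int *randomised)
{
    struct stat st;
    if (pathlen <= strlen(TEMPLATE))
        return -1;
    strcpy(path, TEMPLATE);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600 ||
        st.st_uid != getuid()) {
        close(fd); unlink(path); return -1;
    }
    *randomised = 0;
    for (size_t i = 0; i < strlen(TEMPLATE); i++)
        if (path[i] != TEMPLATE[i])
            (*randomised)++;
    return fd;
}

int main(void)
{
    char path[64]; int n;
    printf("6 X's, 5 from PID: %.0f names\n", candidate_names(6, 5));
    printf("6 random X's:      %.0f names\n", candidate_names(6, 0));
    int fd = make_private_tempfile(path, sizeof path, &n);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("%s: %d characters randomised\n", path, n);
    close(fd); unlink(path);
    return 0;
}
```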

