Re: Tripwire temporary files

From: Paul Starzetz (paulat_private)
Date: Tue Jul 10 2001 - 02:13:22 PDT

Next message: David LeBlanc: "RE: Small TCP packets == very large overhead == DoS?"

Previous message: Kevin: "How Google indexed a file with no external link"
In reply to: Jarno Huuskonen: "Tripwire temporary files"
Next in thread: Jarno Huuskonen: "Re: Tripwire temporary files"
Reply: Jarno Huuskonen: "Re: Tripwire temporary files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jarno Huuskonen wrote:

>  I found out about the problem when I noticed a temporary file
>  /tmp/twtempa19212 left in /tmp. Out of curiosity I ran the tripwire
>  binary with strace and noticed that temporary files in /tmp are opened
>  without the O_EXCL flag.

Here a strace from tripwire 1.2 (Source RPM: tripwire-1.2-223.src.rpm):

open("/tmp/twznG1Eud", O_RDWR|O_CREAT|O_TRUNC, 0666) = 4
open("/tmp/twzd9tWqg", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
open("/tmp/twzzykpkj", O_RDWR|O_CREAT, 0600) = 4

nowhere the current pid is used - instead a 6 byte template appears,
which is not really predictable (at least shouldn't be!).

Ihq.

Next message: David LeBlanc: "RE: Small TCP packets == very large overhead == DoS?"
Previous message: Kevin: "How Google indexed a file with no external link"
In reply to: Jarno Huuskonen: "Tripwire temporary files"
Next in thread: Jarno Huuskonen: "Re: Tripwire temporary files"
Reply: Jarno Huuskonen: "Re: Tripwire temporary files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 07:06:16 PDT