From owner-freebsd-security Sat Mar 10 20:48:11 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns1.unixathome.org (ns1.unixathome.org [203.79.82.27]) by hub.freebsd.org (Postfix) with ESMTP id 73F7D37B71A for ; Sat, 10 Mar 2001 20:48:04 -0800 (PST) (envelope-from dan@langille.org) Received: from wocker (wocker.int.nz.freebsd.org [192.168.0.99]) by ns1.unixathome.org (8.11.1/8.11.1) with ESMTP id f2B4lww04741; Sun, 11 Mar 2001 17:47:59 +1300 (NZDT) (envelope-from dan@langille.org) Message-Id: <200103110447.f2B4lww04741@ns1.unixathome.org> From: "Dan Langille" Organization: novice in training To: Pete Fritchman Date: Sun, 11 Mar 2001 17:47:58 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: temp files for security/logcheck Reply-To: dan@langille.org Cc: security@freebsd.org In-reply-to: <20010310234519.A68252@databits.net> References: <200103110435.f2B4ZHw04676@ns1.unixathome.org>; from dan@langille.org on Sun, Mar 11, 2001 at 05:35:16PM +1300 X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org AFAIK, the files disappear each time the script is run: umask 077 rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$ if [ -f $TMPDIR/check.$$ -o -f $TMPDIR/checkoutput.$$ -o -f $TMPDIR/checkreport.$$ ]; then echo "Log files exist in $TMPDIR directory that cannot be removed. This may be an attempt to spoof the log checker." \ | $MAIL -s "$HOSTNAME $DATE ACTIVE SYSTEM ATTACK!" $SYSADMIN exit 1 fi On 10 Mar 2001, at 23:45, Pete Fritchman wrote: > It seems logical that the port should just use ${TMPDIR}/.logcheck/ or > something of that nature. Does it need to be there permenately? Or can > it just be created/deleted when the program is started/stopped? I saw > the thread on -ports earlier but didn't get a chance to respond. > > -pete > > ++ 11/03/01 17:35 +1300 - Dan Langille: > >The port security/logcheck creates /usr/local/etc/tmp[1] and chmod's it > >to 700. It does that because the temp files it creates and uses need to > >be relativly secure. It writes out several files that could cause problems > >if a user made links, etc. > > > >Does anyone see any issues which we need to deal with? e.g. the > >security of this directory, the name of this directory... > > > >[1] - Prior to a recent port change, it used /usr/local/etc/tmp > > > >-- > >Dan Langille > >pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php > >got any work? I'm looking for some. > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > -- > Pete Fritchman > Databits Network Services, Inc. > finger petef@databits.net for PGP key > > -- Dan Langille pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php got any work? I'm looking for some. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message