Date: Tue, 29 Aug 1995 00:00:40 -0400 (EDT) From: "Jonathan M. Bresler" <jmb@kryten.Atinc.COM> To: ports@freebsd.org Subject: New lsof_3.40 Message-ID: <Pine.3.89.9508282348.E12292-0100000@kryten.atinc.com>
next in thread | raw e-mail | index | archive | help
compiles without changes under FreeBSD. available from ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/lsof_3.40_W.tar.gz tar zxvf lsof_3.40_W.tar.gz tar xvf lsof_3.40.tar ./Configure freebsd make and then install Jonathan M. Bresler jmb@kryten.atinc.com | Analysis & Technology, Inc. FreeBSD Postmaster jmb@FreeBSD.Org | 2341 Jeff Davis Hwy play go. | Arlington, VA 22202 ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346 ---------- Forwarded message ---------- Date: Mon, 28 Aug 1995 11:13:44 -0500 From: Vic Abell <abe@vic.cc.purdue.edu> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM> Subject: Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache In message <Pine.SUN.3.91.950825123658.25410A-100000@di> Scott Barman writes: > >Finally, according to the 00FAQ file in the source directory (and I >picked up my copy from CERT, too), the reading of this file has 10 >checks for validity. If it fails one of them, then the cache is >rebuilt. Amongst the checks is a checksum and checking the information >on the file using stat(). Revision 3.40 (released Friday, August 25) adds another check: it will not create a device cache file in /tmp if the real user ID would cause the file to be owned by root. Previously, doing an su to root and running lsof could have created a root-owned device cache file. >Otherwise, it does give you a way to turn this feature off, if you are >still unconvinced this is not so much of a problem. You can disable the device cache file feature two ways: 1) at compile time by disabling the HASDCACHE definition in the dialect's machine.h header file; or 2) at run time with the -Di option. Scott and Dr. Frederick B. Cohen, the poster of the original question about the security of lsof's device cache file, both report having gotten their copies of lsof from the CERT archive at cert.org. For a long time the CERT archive copy was out of date and it was difficult for me to arrange for it to updated. I have now convinced the CERT archive maintainers to replace their lsof distribution copy with a pointer to the lsof home site, vic.cc.purdue.edu. The latest revision will always be found there in pub/tools/unix/lsof. There are pre-compiled binaries on vic.cc.purdue.edu, too, but I presume no one on this list would take the risk of using one, even though the binaries have PGP signature certificates to attest that I built them. :-) Vic Abell, lsof author
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.3.89.9508282348.E12292-0100000>