From owner-freebsd-ports Mon Aug 28 21:06:00 1995
Return-Path: ports-owner
Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6)
    id VAA10501 for ports-outgoing; Mon, 28 Aug 1995 21:06:00 -0700
Received: from kryten.atinc.com (kryten.Atinc.COM [198.138.38.7])
    by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id VAA10490
    for ; Mon, 28 Aug 1995 21:05:57 -0700
Received: (jmb@localhost) by kryten.atinc.com (8.6.9/8.3) id AAA13372;
    Tue, 29 Aug 1995 00:00:41 -0400
Date: Tue, 29 Aug 1995 00:00:40 -0400 (EDT)
From: "Jonathan M. Bresler"
Subject: New lsof_3.40
To: ports@freebsd.org
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: ports-owner@freebsd.org
Precedence: bulk

compiles without changes under FreeBSD.
available from ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/lsof_3.40_W.tar.gz

    tar zxvf lsof_3.40_W.tar.gz
    tar xvf lsof_3.40.tar
    ./Configure freebsd
    make

and then install

Jonathan M. Bresler        jmb@kryten.atinc.com  | Analysis & Technology, Inc.
FreeBSD Postmaster         jmb@FreeBSD.Org       | 2341 Jeff Davis Hwy
play go.                                         | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life       | 703-418-2800 x346

---------- Forwarded message ----------
Date: Mon, 28 Aug 1995 11:13:44 -0500
From: Vic Abell
To: Multiple recipients of list BUGTRAQ
Subject: Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache

In message Scott Barman writes:
>
>Finally, according to the 00FAQ file in the source directory (and I
>picked up my copy from CERT, too), the reading of this file has 10
>checks for validity. If it fails one of them, then the cache is
>rebuilt. Amongst the checks is a checksum and checking the information
>on the file using stat().

Revision 3.40 (released Friday, August 25) adds another check: it will
not create a device cache file in /tmp if the real user ID would cause
the file to be owned by root. Previously, doing an su to root and
running lsof could have created a root-owned device cache file.

>Otherwise, it does give you a way to turn this feature off, if you are
>still unconvinced this is not so much of a problem.

You can disable the device cache file feature two ways: 1) at compile
time by disabling the HASDCACHE definition in the dialect's machine.h
header file; or 2) at run time with the -Di option.

Scott and Dr. Frederick B. Cohen, the poster of the original question
about the security of lsof's device cache file, both report having
gotten their copies of lsof from the CERT archive at cert.org. For a
long time the CERT archive copy was out of date and it was difficult for
me to arrange for it to be updated. I have now convinced the CERT
archive maintainers to replace their lsof distribution copy with a
pointer to the lsof home site, vic.cc.purdue.edu. The latest revision
will always be found there in pub/tools/unix/lsof.

There are pre-compiled binaries on vic.cc.purdue.edu, too, but I presume
no one on this list would take the risk of using one, even though the
binaries have PGP signature certificates to attest that I built them. :-)

Vic Abell, lsof author
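
Added example, not part of the original messages and not lsof source code: a C sketch of the two defences discussed in the thread, refusing to create a cache file in a shared directory when the real user ID is root, and stat()-style validation of an existing cache before it is read. The function names and the individual checks are assumptions chosen for illustration; the messages do not list lsof's ten checks.

```c
/* Added example; not lsof source. Function names and checks are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The rule the post gives for 3.40: never create the cache when the real
 * user ID would leave a root-owned file in a shared directory. */
int cache_create_allowed(uid_t real_uid) { return real_uid != 0; }

/* Create the cache without following a planted symlink or reusing a file. */
int cache_create(const char *path, uid_t real_uid)
{
    if (!cache_create_allowed(real_uid))
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Return 1 only if an existing cache passes every ownership and mode check. */
int cache_file_trusted(const char *path, uid_t real_uid)
{
    struct stat st;
    int ok, fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return 0;                      /* missing, unreadable or a symlink */
    ok = fstat(fd, &st) == 0
        && S_ISREG(st.st_mode)         /* not a device, FIFO or directory */
        && st.st_uid == real_uid       /* written by this user, not planted */
        && st.st_nlink == 1            /* no extra hard links to the file */
        && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0; /* others cannot rewrite */
    close(fd);
    return ok;
}

int main(void)
{
    char path[] = "/tmp/dcache_demo_XXXXXX";  /* constructed sample file */
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    fchmod(fd, 0666);                         /* the mode in the subject line */
    printf("mode 0666 trusted: %d\n", cache_file_trusted(path, getuid()));
    fchmod(fd, 0600);
    printf("mode 0600 trusted: %d\n", cache_file_trusted(path, getuid()));
    close(fd);
    return unlink(path);
}
```

A cache that fails any check is treated as untrusted and would be rebuilt, which matches the behaviour the quoted 00FAQ summary describes.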