Temporary Files
Adam Goryachev
mailinglists at websitemanagers.com.au
Mon Dec 19 05:33:38 CET 2005
Just thought I might clarify tmp file handling for hobbit and hobbit
client specifically.
It would seem to me that tmp file handling is probably insecure...
-rw-r--r-- 1 hobbit hobbit 237 2005-12-19 14:41 hobbit_vmstat.12913
-rw-r--r-- 1 hobbit hobbit 14996 2005-12-19 14:41 msg.txt
ie, it is easy for an 'attacker' to create a file called msg.txt before
hobbit does (though it seems that file is kept there all the time, so it
would have to be created between system bootup and hobbit startup.
The vmstat file would be easier to do, since it is removed each time
after use.
Just thought it would be nice to use a tmp dir specifically for hobbit,
such as /tmp/hobbit or /usr/lib/hobbit/client/tmp etc .....
Regards,
Adam
More information about the Xymon
mailing list