Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10

[mouse () Collatz McRCIM McGill EDU (der Mouse)]

> After running lsof (the security program identified by the CERT that
> lists open file) I found the following file:

> -rw-rw-rw-  1 root           8025 Aug 24 04:10 /tmp/.lsof_dev_cache

> This file appears to hold pointers into device files, memory maps,
> etc. which lsof reads the next time around.  It could be very
> dangerous since lsof normally runs as root.  Please tell me I'm wrong
> and it's not a hazard.

The lsof docs talk about this file (you _did_ read them, didn't you?).
In particular, go reread questions 3.2 and 4.2 in the 00FAQ file, and
search for "lsof_dev" in the 00README file....

I am less confident than Victor Abell is that this isn't a security
hazard.  However, I have never investigated in enough detail to make
any confident pronouncements either way.  If you're paranoid, you can
use -Di to make it ignore the cache, -Du/some/other/path to make it put
it somewhere else, or frob the source....

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu