[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] /tmp/-v ?

Subject: Re: [cobalt-security] /tmp/-v ?
From: shimi <shimi@xxxxxxxxxxxxxxxx>
Date: Sun, 27 May 2001 00:41:33 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Sun, 27 May 2001, Carrie Bartkowiak wrote:

> Hey guys,
> I found this tonight in my second server's /tmp folder:
> -rw-r--r--   1 root     root     11950080 May 20 10:39 -v
> 
> It's big and when I try to read it with pico /tmp/-v I find out it's a
> copy of *old* server logfiles, html pages, and binaries (I assume
> images) for one particular site - going all the way back to October
> 2000, which encompasses me using 3 different RaQs (and moving this
> site from one to the next to the next)!!
> I don't get it... I didn't put this here. I have *no* idea how it got
> there.
> 
> Ya think I can safely delete it? Any idea how it got there?
> 
> CarrieB
> 

well, it's not a system file so in my opinion it can be erased.

what I do wonder about is the owner of the file, that is, root.

it isn't a customer cgi script. unless your httpd runs as root (i hope
not!!!!), so it's either something the GUI did, or you did. or someone who
has root did :\

as in general. there are no system files at /tmp, simply because it's a
place to store *temporary* files. i know that windows put files in his
temp and never deletes them, but that's windows, it doesn't follow
standards :)  so in my opinion, as how I can see my /tmp there's no
problem with erasing anything there (well, besides the mysql socket 
file...)

that's my /tmp if you wanna look (raq3):
[shimi@www /tmp]$ ls -l
total 17
-rw-r--r--   1 root     root         3230 Mar  1 04:58
backup.1200.filelist
-rw-------   1 shimi    users           0 Mar 15 13:43 crontab.23125
-rw-rw----   1 mail     root            0 Mar 14 06:44 majordomo.debug
srwxrwxrwx   1 mysql    root            0 May 26 18:03 mysql.sock
-rw-rw-r--   1 admin    root            0 Mar  8 18:10 mysqlaccess.log
-rw-rw----   1 mail     root            0 Mar 14 07:32 resend.debug
-rw-rw-r--   1 root     root          789 May 24 17:19 sitelist.2001-05-24
-rw-rw-r--   1 root     root          642 May 25 04:06 sitelist.2001-05-25
-rw-rw-r--   1 root     root          932 May 26 04:04 sitelist.2001-05-26
-rw-rw-r--   1 root     root          595 May 26 04:09 siteview.domain
-rw-rw-r--   1 root     root          595 May 26 04:09 siteview.files
-rw-rw-r--   1 root     root          595 May 26 04:09 siteview.hits
-rw-rw-r--   1 root     root          595 May 26 04:09 siteview.kb
-rw-rw-r--   1 root     root          595 May 26 04:09 siteview.pages
-rw-rw-r--   1 root     root          595 May 26 04:09 siteview.visits
drwxr-xr-x   2 root     root         1024 May 26 04:04 vhosts
-rw-rw-r--   1 root     root         2088 May 20 09:13 webmin-setup.out

- have fun.

HTH,

- shimi.

Follow-Ups:
- Re: [cobalt-security] /tmp/-v ?
  - From: Carrie Bartkowiak

References:
- [cobalt-security] /tmp/-v ?
  - From: Carrie Bartkowiak

Prev by Date: [cobalt-security] /tmp/-v ?
Next by Date: Re: [cobalt-security] /tmp/-v ?
Previous by thread: [cobalt-security] /tmp/-v ?
Next by thread: Re: [cobalt-security] /tmp/-v ?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index