[Bug 271250] New: rkhunter complains about /dev/.tmp-22-0
https://bugzilla.novell.com/show_bug.cgi?id=271250 Summary: rkhunter complains about /dev/.tmp-22-0 Product: openSUSE 10.2 Version: Final Platform: x86-64 OS/Version: openSUSE 10.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: asvetter@cip.physik.uni-wuerzburg.de QAContact: qa@suse.de CC: asklein@wpax13.physik.uni-wuerzburg.de rkhunter complains about /dev/.tmp-22-0 : * Filesystem checks Checking /dev for suspicious files... [ OK ] Scanning for hidden files... [ Warning! ] --------------- /dev/.tmp-22-0 /dev/.udev /etc/.pwd.lock --------------- Please inspect: /dev/.tmp-22-0 (block special (22/0)) This is another name for /dev/hdc: # ll /dev/.tmp-22-0 brw------- 1 root root 22, 0 2007-05-02 15:05 /dev/.tmp-22-0 # ll /dev/hdc brw-r-----+ 1 root disk 22, 0 2007-04-27 15:39 /dev/hdc /dev/hdc is a DVD-Writer: Model Number: HL-DT-ST DVDRAM GSA-4120B Is this /dev/.tmp-22-0 normal? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=271250 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |kasievers@novell.com ------- Comment #1 from lnussel@novell.com 2007-05-04 04:55 MST ------- maybe some leftover temporary file from udev. I doubt it's security relevant. Reassigning to udev maintainer. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=271250 ------- Comment #2 from kasievers@novell.com 2007-05-04 07:24 MST ------- It's a temporary file from udev, needed to access a device before the device-naming happened. Udev rules with PROGRAM= or IMPORT= can use $tempnode to do that. Usually the temp-node will be removed after the event handling. No idea whi it is left in this case. The node will always belong to root and not accessible to any other user. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=271250 kasievers@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |asvetter@cip.physik.uni-wuerzburg.de ------- Comment #3 from kasievers@novell.com 2007-05-04 09:03 MST ------- If you delete the temp-node, and run "/sbin/udevtrigger" as root, wait a few seconds, does the file get recreated? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=271250 asvetter@cip.physik.uni-wuerzburg.de changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|asvetter@cip.physik.uni- | |wuerzburg.de | ------- Comment #4 from asvetter@cip.physik.uni-wuerzburg.de 2007-05-06 10:21 MST ------- It does not get recreated. It shows up typically in a few (2-3) weeks again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=271250#c5
Kay Sievers
https://bugzilla.novell.com/show_bug.cgi?id=271250#c6
Kay Sievers
participants (1)
-
bugzilla_noreply@novell.com