[opensuse] OpenSuSE-11.x thru 12.1: "/dev/.sysconfig"?
What justifies putting a hidden directory with files in /dev? rkhunter and other auditing tools complain about the existence of this directory and it's files. This seems to contravene standard security practices: There should be no files in /dev at all, only devices. just curious. jd -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/16/2012 10:11 PM, j debert wrote:
What justifies putting a hidden directory with files in /dev?
Google for "/dev/.sysconfig" and it provides a link to the openSUSE forums. http://forums.opensuse.org/english/get-technical-help-here/applications/4555... Unfortunately these cannot be reached at this time, thus I am not certain there is ans answer to your question. Later, Robert -- Robert Schweikert MAY THE SOURCE BE WITH YOU SUSE-IBM Software Integration Center LINUX Tech Lead rjschwei@suse.com rschweik@ca.ibm.com 781-464-8147 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/17/2012 04:21 AM, Robert Schweikert wrote:
On 06/16/2012 10:11 PM, j debert wrote:
What justifies putting a hidden directory with files in /dev?
Google for "/dev/.sysconfig" and it provides a link to the openSUSE forums.
http://forums.opensuse.org/english/get-technical-help-here/applications/4555...
If there's a good reason it's opaque. It appears to be no more than mere convenience. This breaks the standard security model and invites others to do the same. /dev has long been a favored hiding place for evil files. There should be no files there. It is not a false positive when security scanners like rkhunter, chkrootkit, etc., find files in /dev. jd -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
j debert wrote:
On 06/17/2012 04:21 AM, Robert Schweikert wrote:
On 06/16/2012 10:11 PM, j debert wrote:
What justifies putting a hidden directory with files in /dev? Google for "/dev/.sysconfig" and it provides a link to the openSUSE forums.
http://forums.opensuse.org/english/get-technical-help-here/applications/4555...
If there's a good reason it's opaque. It appears to be no more than mere convenience.
This breaks the standard security model and invites others to do the same.
/dev has long been a favored hiding place for evil files. There should be no files there. It is not a false positive when security scanners like rkhunter, chkrootkit, etc., find files in /dev.
jd
Well, I can see this getting worse. Where do they put the user R/W RAM disk for semaphores, shared memory and such? /dev/shm. so where do I go to create a tmp file in memory? /dev/shm/tmp -- which my script creates with the sticky bit on if it doesn't already exist. I've seen other recommendations to put user shared facilities in /dev/...so I can see the potential for alot more files of all types, hidden included (obviously very small, as they consume memory). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
j debert -
Linda Walsh -
Robert Schweikert