insecure temporary file creation

To: <debian-security@lists.debian.org>
Subject: insecure temporary file creation
From: "Matthew Sherborne" <Matthews@softtech.co.nz>
Date: Wed, 7 Feb 2001 11:39:36 +1300
Message-id: <00a201c0908d$af595670$0a16a8c0@matthew>
References: <MPBBILLJAONHMANIJOPDAEGEFKAA.david2@maincube.net>

I just wanted to bring this to that attention of those who care...

Because there were quite a few insecure temp file creation reports a while
ago, perhaps some of us should use this tool to find more ASAP.

It was in the fresh meat mailing list:

------------------------------------------------------------

[012] - Eliott 1.0 (Stable)
  by j (http://freshmeat.net/users/frankdenis/)
Monday, February 5th 2001 16:51

Eliott is a tool to help system administrators and programmers discover
insecure temporary file creation, even in closed-source applications. It
watches a directory for file creation/deletion/writes using the dnotify
facility of Linux 2.4.x . Every change is logged, even temporary files with
a very short lifetime. In addition to logging, Eliott can simulate
hard-link exploits in order to find and report vulnerable applications.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/eliott/

------------------------------------------------------------

GBY

Reply to:

Follow-Ups:
- Re: insecure temporary file creation
  - From: Colin Phipps <cph@netcraft.com>

References:
- Bind log
  - From: "David Priban" <david2@maincube.net>

Prev by Date: Re: The Next Yahoo
Next by Date: Re: ISPs offering ssl-encrypted e-mail?
Previous by thread: Bind log
Next by thread: Re: insecure temporary file creation
Index(es):
- Date
- Thread