[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Uploaded tmpreaper 1.4.8 (source i386) to master

 I'm the previous maintainer and part author of `tmpreaper'. (which
 descends from Eric Troan's (Red Hat) `tmpwatch' program.)

 I am by no means a "security expert", nor a "professional system
 administrator";  I am a "beginner programmer wannabee".

 I made a statement to the effect that I didn't think you really need
 `tmpreaper' on a box that nobody else uses, or where you trust all of
 the users, since it seems unlikely to me that anyone would exploit
 the race that `tmpreaper' is meant to protect us from.

 It occurs to me now that perhaps a trojan horse could set it up... on
 a box where the attacker knows that tmp is cleaned by a find command.

 I clean tmp by hand on my workstation; that's why I gave `tmpreaper'
 away.  I'm not using it, and don't admin any machines where it might
 be used.  (... and I've been spending my time at other things.)

 When I debianized it, I used `debmake'.  It chose the `optional' or
 `extra' for me.  I never thought about it really.

Reply to: