
Re: Filling up /tmp on wagner



On mer., 2011-12-21 at 10:40 +0100, Yves-Alexis Perez wrote:
> On mer., 2011-12-21 at 08:37 +0000, Stephen Gran wrote:
> > This one time, at band camp, Tollef Fog Heen said:
> > > 
> > > Hi,
> > > 
> > > it seems like the security tracker now and then decides to leave crap in
> > > /tmp on wagner.  Could you please make it stop doing so?
> > > 
> > > (I suspect it's you based on the contents, it's stuff like:
> > > 
> > > CVE-2005-XXXX [Insecure temp files in note]
> > >         - note 1.3.1-3 (bug #337492; low)
> > > CVE-2005-3500 [clamav: DoS in CAB parsing]
> > >         {DTSA-21-1}
> > >         - clamav 0.87.1-1 (medium)
> > > CVE-2005-3501 [clamav: DoS in mspack parsing]
> > >         {DTSA-21-1}
> > >         - clamav 0.87.1-1 (medium)
> > > CVE-2005-XXXX [Multiple security issues in Scorched 3D]
> > >         - scorched3d <unfixed> (bug filed; medium)
> > > CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
> > >         NOT-FOR-US: Cisco hardware
> > > CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
> > >         NOT-FOR-US: IOS
> > 
> > Hi,
> > 
> > It looks like it may not be you guys:
> > 
> > root@wagner:/tmp# lsof | grep tempfile.8.tmp
> > viewvc.cg 16055 www-data 4u REG 254,5 1224704 27 /tmp/tempfile.8.tmp
> > 
> > so, we'll take a look at viewvc.  However, the lack of response from
> > anyone that I'm aware of makes me nervous - is anyone reading this?
> > Should we kill the alioth project?
> > 
> Yes, we read you, though I missed the initial mail (and would have
> lacked information on why/how this happened).
> 

And according to various sources on the net, it does indeed look like some
people try to hammer
http://anonscm.debian.org/viewvc/secure-testing/data/CVE/list?view=log
(maybe even googlebot) which is 6.5M. The viewvc process seems to die and
leave its tempfiles in /tmp (I guess it might happen for other files too,
but maybe there aren't many files larger than that in alioth svn
repositories?).

Regards,
-- 
Yves-Alexis
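
An added example (not part of the original message, and not Debian's or viewvc's own code): a report-only check that separates temp files still held open by a live process, like the one in the lsof output above, from files left behind by a process that has died. The `tempfile.*.tmp` pattern is generalised from the single file name in the thread, and the one-hour age threshold and the function names are assumptions.

```python
import fnmatch
import os
import time


def open_file_paths(proc_root="/proc"):
    """Return the paths held open by every process we are allowed to inspect."""
    held = set()
    if not os.path.isdir(proc_root):
        return held
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or not ours (run as root to see all)
        for fd in fds:
            try:
                held.add(os.readlink(os.path.join(fd_dir, fd)))
            except OSError:
                pass  # descriptor closed while we were looking
    return held


def orphaned_tempfiles(directory, pattern="tempfile.*.tmp", min_age=3600,
                       held=None, now=None):
    """List (path, size) for matching regular files that no process holds
    open and that were last modified more than min_age seconds ago."""
    held = open_file_paths() if held is None else held
    now = time.time() if now is None else now
    directory = os.path.realpath(directory)  # /proc reports resolved paths
    orphans = []
    for entry in os.scandir(directory):
        if not fnmatch.fnmatch(entry.name, pattern):
            continue
        # Never follow symlinks in a world-writable directory.
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        path = os.path.join(directory, entry.name)
        if path in held or now - st.st_mtime < min_age:
            continue  # still in use, or too recent to call abandoned
        orphans.append((path, st.st_size))
    return sorted(orphans)


if __name__ == "__main__":
    for path, size in orphaned_tempfiles("/tmp"):
        print(f"{size:>12}  {path}")
```

The script only lists candidates; a file can still be opened between the check and any later removal, so cleanup should tolerate that race.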
