Tikiwiki (Gentoo) temporary directories in / !

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

Tikiwiki (Gentoo) temporary directories in / !

Postby Dwokfur » Mon Jul 26, 2004 2:14 am

Hi,

I'm just fine-tuning a machine running Hardened Gentoo Linux. I set up tikiwiki from portage, its version is 1.8.2 Sirius. Other remarkable versions: Apache:2.0.50, mod_ssl:2.0.50, OpenSSL:0.9.7d, PHP:4.3.8.
I'm about to work out an ACL system based on Grsecurity. I'm in the evaluation period for the required ACLs. I noticed a strange symptom, that apache2 keeps creating some kind of temporary folders in the root directory (I mean real root, not the www root) with scrambled names, which it immediately erases. It also use /tmp with similar srambled names.
Other php based web programs (squirrelmail, phpscheduleit) do not show this phenomenon.
Php session files are stored in a separate folder for security reasons, php-accelerator uses exclusively /tmp directory.

What can be the reason? Has anyone experienced the same?
I haven't find any configuration options in possible conjunction with this issue.

Please share your ideas and suggestions.

Thx,
Dw.
Dwokfur
 
Posts: 99
Joined: Tue Jun 08, 2004 10:07 am
Location: Budapest, Hungary, Europe

Postby torne » Mon Jul 26, 2004 6:14 am

Presumably if Apache can create temp folders in the root directory then either your Apache process is running as root (baaad idea) or you have your root directory world-writable (also a bad idea) - what I would suggest is fixing whichever of those is the case and seeing what breaks. Turn on script logging and see if anything complains about not being able to write to /.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm


Return to RBAC policy development

cron