Jarno Huuskonen wrote:
> I found out about the problem when I noticed a temporary file
> /tmp/twtempa19212 left in /tmp. Out of curiosity I ran the tripwire
> binary with strace and noticed that temporary files in /tmp are opened
> without the O_EXCL flag.
Here a strace from tripwire 1.2 (Source RPM: tripwire-1.2-223.src.rpm):
open("/tmp/twznG1Eud", O_RDWR|O_CREAT|O_TRUNC, 0666) = 4
open("/tmp/twzd9tWqg", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
open("/tmp/twzzykpkj", O_RDWR|O_CREAT, 0600) = 4
nowhere the current pid is used - instead a 6 byte template appears,
which is not really predictable (at least shouldn't be!).
Ihq.