Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Mon, 28 Jun 2004 03:06:02 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: Stmpclean vs. tmpwatch

Hi,

On Wed, Jun 23, 2004 at 12:01:12PM +0200, Maciek Pasternacki wrote:
> Are there any big advantages of stmpclean in comparison to more
> standard tmpwatch?

When I picked stmpclean, it appeared that tmpwatch was heading in the
wrong direction.  Some newer versions of tmpwatch were essentially
fork bombs waiting to be triggered, -- but this has since been fixed
and now the latest tmpwatch doesn't look nearly as bad.

tmpwatch will remove root-owned files except for some taboo ones;
stmpclean won't remove root-owned files at all.

tmpwatch can optionally invoke fuser(1) on each file.  This is an
added feature, -- but do you really want a fork-exec for each file,
with untrusted filenames passed via the command line?  I don't want
to take responsibility for this feature and its poor implementation.

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux