Groff / grops temp file location

I was bit by the sudo grace period bug. Because sudo has a brief grace period,
during which anyone can execute it without being prompted for a password, anyone
who makes it past the firewall can execute anything he wants if he knows when sudo
was last executed. One clever chap changed my root password on me.
I share this verbose background because I want others to be aware of this security hole.
Add these three lines to /etc/sudoers, which removes grace period and prints su activity
in a secure file (so no one knows when su or sudo is executed).
Defaults:ALL timestamp_timeout=0
Defaults:ALL !syslog
Defaults:ALL logfile=/var/log/secure.log
Now on to the question. Because I followed this inconvenience with a reset of all
permissions, I suddenly found that grops (the troff2ps postprocessor underlying
groff) no longer had permission to create temp files, rendering it defunct. I can
only run it successfully as root(!).
Because I cannot find the src for grops, I do not know where the temp files are
created. The man page's specification of /tmp/gropsXXXXX is incorrect. I need
to find that directory and liberalize the permissions.
Thank you.

Thank you for your interest in my other security issues. I was able to resecure root and the machine right away...
Great! Sorry I wasted your time with my post then. I must confess that I know pretty much nothing about groff/grops. But I didn't realize that you had simplified your post and weren't having further root problems.
That said, I hope the following isn't equally useless:
1. According to the groff man page:
<pre style="line-height: 50%; background: #eee">
GROFF_TMPDIR
The directory in which temporary files will be created. If this
is not set but the environment variable TMPDIR instead, tempo-
rary files will be created in the directory $TMPDIR. On MS-DOS
and Windows 32 platforms, the environment variables TMP and TEMP
(in that order) are searched also, after GROFF_TMPDIR and
TMPDIR. Otherwise, temporary files will be created in /tmp.
The refer(1), groffer(1), grohtml(1), and grops(1) commands use
temporary files.
</pre>
To my surprise, $TMPDIR is set to something seemingly obscure: /var/folders/XX/XXYYYYYYYYYYYYY/-Tmp-/ where XX is a random pair of characters and YYYYYYYYYYYYY is another random sequence of characters. This folder is owned by the currently logged-in user, and has permissions 0700! YMMV, but this, and the parent directories, may be worth investigating.
2. You may already know this, but just in case (or for anyone else who reads this), 0777 is the wrong permissions for tmp-like directories. The correct permissions is 01777, or drwxrwxrwt. The difference (the '1' in the 512-place) is the "sticky bit" and partially overrides the write-permissions to prevent users from deleting files that they don't own. This is a useful security measure: otherwise, say, an attacker could potentially attempt to exploit a race condition, and replace the temporary file which grops creates with a different file, before grops gets around to reading the temporary file which it created. (On the other hand, with the sticky bit set, a different security issue is created, namely, if the 'XXXXXX' part of the gropsXXXXXX filename is predictable--e.g. the PID of the grops process--then an attacker could try to create the gropsXXXXXX before grops gets a chance to, thereby effecting a DOS attack.) I would be surprised if the incorrect permissions would be an issue for you--why would groff/grops check the sticky bit on the temporary directory?--but it is still worth fixing, if necessary.

Similar Messages

  • The 2 year old fix for changing temp files is no longer valid, I need to change the temp file location in the latest firefox.

    In 3.6.3 I'm unable to find the parent cache to change where the temp files are located. I have an SSD drive, and I need to get the temp file off, and onto my platter drive. I have read the previous fix of about:config and changing the parent cache location, but it no longer seems to be there. I'm unable to locate anything relating to my SSD drive location in about:config.
    == User Agent ==
    Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.70 Safari/533.4

    Unfortunately, it appears that what I wrote about not being able to find the location IN about:config of the cache to change it from my C: drive to a different location, was mildly misunderstood that I didn't know how to get into about:config.
    The location of browser.cache.disk.parent_directory does not currently exist in 3.6.3. I'm assuming it's under a different location. Also using the simple string of "cache" lists several options, but none of them appear to be where firefox is currently dumping the temp files onto my C:
    I merely need to know how to switch the temp file location from 1 drive, to another. Not downloads, the temp file.

  • I have LR 4 and now I cannot open the software because I get this warning: light room cannot start because it cannot create files in the temp file location.. C:/windows/temp. How do I fix this? I have removed and downloaded LR and even used by disc and st

    I have LR 4 and now I cannot open the software because I get this warning: "light room cannot start because it cannot create files in the temp file location. C:\windows\temp\". I think I need to have LR open in a different place but I have no idea how to do that. Any help is most appreciated.
    Alex

    Jim
    Thank you for your prompt reply. Unfortunately I am not that tech oriented and
    cannot easily find that folder. I did notice when I was booting up the LR software
    that I could accept the site where LR usually is set up or choose a place. I am
    thinking that the standard location for LR software is corrupted and that if I
    chose a different place it would work. I say this because whether I use my
    original disc or download from adobe I get the same warning. I have 100GB of
    memory on the hard drive and I have cleaned the computer with Mcaffee and free
    software. What should I do next? I can't use this software and I doubt LR 5
    would open up with my current problem.
    Alex

  • I Lost Power to my PC while in Acrobat Reader and lost data, where is temp file located?

    I lost power to my pc while typing a new acrobat reader file but never saved it, where is the default temp file located, if this exists? Thanks.

    The answer to your question depends upon your version of Reader and your OS. Especially since the last version of Acrobat Reader was version 5 which is four majors versions ago. The last four versions have been called Adobe Reader, not Acrobat Reader. This the forum for the Acrobat commericial product, not the free reader product.  
    PDF files cannot be edited in Reader and fields filled in with Reader cannot be saved (unless especially enabled) canot be re-opened from the temp files. To make a long story short. You will need to re-type the information. 
    Sorry to be the bearer of the sad news.

  • Reader XI temp file location

    We are having an issue with our Term server users. Since moving to a server 2012 windows 8 environment we are unable to use the comment function in reader XI, as you can see it is completely greyed out. Have tested the same pdf file off of the server and on older term servers and comment section works fine. We believe this is a permissions issue with the location of the temp file opened when you open a pdf. We are unable to find said location and have spent hours on the forums today with no luck. Help please.

    We are having an issue with our Term server users. Since moving to a server 2012 windows 8 environment we are unable to use the comment function in reader XI, as you can see it is completely greyed out. Have tested the same pdf file off of the server and on older term servers and comment section works fine. We believe this is a permissions issue with the location of the temp file opened when you open a pdf. We are unable to find said location and have spent hours on the forums today with no luck. Help please.

  • Project Manager Trimmed Temp File Location

    Hello,
    I recently tried to trim down a 100GB project. I had 8GB left on my harddrive, and the project manager said the final project would be 7GB, so I took the chance and started trimming.
    Unfortunately, I ran out of diskspace during the trim, and the Project Manager aborted the action. Fair enough. However, when I checked my diskspace in finder, I only had 100MB free space. That means the temp file, that the project manager created while trimming the project, is still stored somewhere. But I have no idea where it is stored or what it is named.
    I'm on a Mac 10.6.4, CS5.
    Do you know where (or how) to look?
    Thanks,

    Where are your Scratch Disks located?
    What was the Destination Folder, that you directed PrPro to archive your Project?
    Note that performance of a HDD begins to decline at ~ 70% of capacity, and falls off sharply, as one fills the drive. It can also contribute to premature failure of the HDD. Sounds like it's time to get larger, or more HDD's.
    Good luck,
    Hunt

  • Essbase Issue temp file location.

    Is there a way to change the location where Essbase writes a temp file when data load(text file) is being done. It usually writes to Windows Temp location.
    Also will Essbase writies similar temp file when data is loaded from sql too?
    If anyone are familiar with this setting, please respond.
    Appreciate any response.

    Is there a way to change the location where Essbase writes a temp file when data load(text file) is being done. It usually writes to Windows Temp location.
    Also will Essbase writies similar temp file when data is loaded from sql too?
    If anyone are familiar with this setting, please respond.
    Appreciate any response.

  • Can't set temp files folder or set cache size

    I have a workstation that will not download files, or pick up the auto-proxy settings. Other workstations on the same network work fine, so it is not the user profile or proxy server/config. It happens to all users on this workstation, including the local
    admin account.
    I have reset IE settings, doesn;t fix. Downloaded and run 4 or five fix-it tools (I used Chrome or another PC to download). I have removed IE from the windows features and settings, rebooted, and added back. Windows update works, updated it to all latest
    security patches. If I go to open the downloads folder, it does nothing (Tools-View Downloads), just drops back to the normal browse window. If I try and check/set the temp files, Tools->Options->Browse and click Settings, I see there is no current temp
    file location (not even for the loacl admin). I try and set it (by moving) to C:\Users\admininstrator (%username%)\appdata\local\microsoft\windows\Temporary Internet Files\ it accepts, then asks me to log off. Log back on and it's not set. I try and set the
    Disk space to use for cache as it is set to zero, and it will ONLY accept 8MB then when I click save (close or whatever), I go back and it is still 0MB.
    I have run sfc /scannow, I have reset all user permissions on the Admin user folder.
    Sooo00, I use Google Chrome and it works fine - picks up the autoproxy, downloads, opens the download folder. I've disabled all the add-ons. If I set the proxy to autodiscovery, IE hangs and does not disply anything. If I set the proxy script, it does not
    work. If I manually set the proxy server and port, browsing is fine except it won't download files when you click on them to save, won't open pdf's.
    This all used to work until sometime over Christmas.

    Hi,
    So we are using IE 11 here? And are we in a domain environment?
    In addition, have we checked if this issue exists in
    saft mode with networking.?
    When doing the uninstallation, please first take a check to see if the previous version of IE could work with the settings mentioned above, after that, take a try to install IE 11 by manually download it from the below link:
    Download Internet Explorer 11 
    Best regards
    Michael Shao
    TechNet Community Support

  • Reporting temp file

    When I try to run a report, on some of them I receive an error stating that
    the server don't have enough disk space disk space to create the report.
    Is it normal that a temp file take over 8 Gb ?
    Is it possible to redirect that temp file location ?
    Thanks.

    Normand,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Temp file save location

    1st Why is Itunes creating so many temp files?
    2nd Can I change where Itunes saves these file? They are saving on "my music" folder which is part of our server, wasting valuable space. If I have to have these files I would like to save them to my C: drive where my music is actually stored.

    The right side column "More like this" leads to some discussions with temp-file problems. For instance here an useful answer: https://discussions.apple.com/message/12995935#12995935 and here https://discussions.apple.com/message/6162742#6162742
    It seems iTunes has problems to write to the correct file (.itl) and creates temp-files. The fix would be to "unblock"/enable the writing process again, so you don't get any temp-files and don't need to store them someplace else.

  • Changing Location for Temp Files

    My computer has a 20 GB Partion on a 150 GB drive that Encore is writing the temp files to. My question is can I change the directory that the files are written to?
    Regards,
    Jim Brown
    Harris Multimedia Services

    Thanks,
    I figured that out minutes after I posted on this forum.
    Regards,
    Jim Brown,
    Harris Corporation, Multimedia Center

  • Crystal Report 2008 - File Locations

    I'm running out of space on the OS partition (C drive) and want to change the default location(s) in Crystal Report so when reports are created and run,  they use space on the D drive.

    Hello,
    Not exactly clear what you want? Save your reports to your D drive would be my first guess.... If you are referring to the \temp folder then change your system Environment Variable from the default to d:\temp and also change the TMP to d:\Tmp.
    You could even set your Swap file to d drive also. I suggest you contact your IT department or search Microsoft's site on how to optimize hard drive space when it's limited. PLEASE back up everything first before making changes to your swap file location, if you don't do it right you may not be able to start windows.
    Thank you
    Don

  • Temp File Name Schema in Receiver File adapter

    Hi,
    I have a scenario where i have to write the file in the temperaory location before writing it to the FTP loacation, I have selected the Processing Parameter as "Use Temperory File" but when the file gets created it is padded with the Message Id, is thr any option to get the file name as the temp file name without the Message Id or timestamp.
    Please let me know if any one has come across such scenario.
    thankx,
    shree

    Hi,
    Under Write Mode, specify whether the target file is to be written directly in the specified directory. If an additional step is to be added using a temporary file, choose Use Temporary File.
    You can specify a naming scheme for the temporary file under Temporary File Name Scheme.
    This schema is used to determine the prefix and extension of the temporary file; to ensure a unique file name, a time stamp is also added to the name during processing.
    The schema xitemp.tmp, for example, results in the file name xitemp<timestamp>.tmp
    So you have to customise the file name in schema.
    see below link
    http://help.sap.com/saphelp_nw2004s/helpdata/en/bc/bb79d6061007419a081e58cbeaaf28/content.htm
    Regards
    Chilla

  • CS6 temp file blunder - can you repeat this problem?

    There is a serious root problem with Adobe's implemented permissionless-temp-file creation methods (pun intended.) The problem is that during startup, both Bridge and Photoshop CS6 try to make temp files on the root folder of the OS drive. Its affecting many peoples' installations by crashing them on application launch if not run by the super-administrator account on the computer. Adobe says to just run as admin to fix it, which does fix the start up crash. However, for me, it creates a gigantic problem: it breaks OS-to-PS and OS-to-Bridge drag and drop functionality completely!!! I literally was slowed to a crawl in my workflow having to import photos 1 at a time through the file-> open menu because I couldn't drag and drop various files from various locations on my computer. Not everything is clumped in 1 area neatly for Bridge to open everything, and I never realized just how much I used this function until this run as admin band-aid broke it. Eventually I fixed the CS temp location after 10-12 hours of hair pulling research and trial and error, and I finally have Photoshop CS6 working without admin permissions and everything is dandy with drag and drop, but only in PS. Bridge still cannot be run without administrator privileges and cannot have files dropped in or out of it to or from Explorer, and I am getting really frustrated here.
    Its kind of disheartening that I have to work for 10 hours in order for me to be able to pay and fully utilize Adobe's software. Even 3 months after being made aware of this issue in other forums, and for how many people it is affecting, they still don't fix it when all they need to do is move the default location of the temp file to somewhere without a need for admin permissions! (I.E. documents folder?)
    So does anyone else find their drag and drop ability gone once running Bridge/PS CS6 in admin mode? Am I the only one? Is there a way to move the default temp creation location of Bridge as well? I'm frustrated and I think Adobe seems to be taking this permissions issue way too lightly!

    I'm running Windows 7x64 Professional. Temp is actually on my RAMdisk but using a folder junction to trick the programs into thinking its on the default temp folders of the C drive. Disabling UAC will fix it yes, but I don't want to disable UAC as I travel with this computer and security is something I prefer to have with me. Its only set to minimal UAC as well, but still its nice for spotting some things. And now, I really am going to look stupid here, but some reason now I can run Bridge without admin permissions without crashing, but now I can't preview or play .mp4 files which was a problem I had before!!! So, now I have a big WTF? expression on my face right now since I've been meticulously trying to get Bridge to work with drag and drop for over a week (and I guess now it magically does once someone actually pays attention to my posts lol) but now .mp4 functionality is poof without admin rights, no matter where the files reside. I think I give up on Bridge I'll just run it as admin but sheesh...
    [[ giant pointless image removed by admin ]]
    But, I still can post references... these all have a problem with 'MMXCore.8BX_unloaded' on startup (there are more elsewhere but it takes time to find them all):
    http://feedback.photoshop.com/photoshop_family/topics/bridge_cs6_release_crashes_on_startu p
    http://forums.adobe.com/thread/1001298
    http://www.sjogrens.nu/?p=106
    Junction points are mentioned in the second post, and that's what I have done on my system (I did it with a program not command prompt, though)
    Really though, after all I've read through and tried, changing the default location of where Photoshop and Bridge intitially put their TMP files to a permission-lax folder would really fix all the problems with this, even if it is caused by changing the default temp area, it would solve the issue for everyone that does do it. A user's documents folder would work perfectly. Sorry if I'm a little inconsistent with information I'm tired and just about burnt out on this stuff (including a lack of sleep)

  • Adobe Reader leaving temp files, which are not auto-deleting.

    Adobe reader is leaving temp files all over and I can't delete them. The temp files are left in my "My Documents" folder, which is redirected to the server. Anytime I open a PDF, it leaves a temp file (ie:U17F7.tmp) and it does not auto-delete. The temp files are 0 bytes in size, just really annoying when my folders get cluttered with all these temp files.  I also cannot delete the files, because it says the location is incorrect. I am able to delete the temp files when I'm not connected to the company network. How do I get these temp files to remove themselves once I close out of Adobe Reader?  This is driving me crazy!

    Hi burdurboy05
    What is the version of reader that you're using?
    Are you trying to print files ?
    Did you try to uninstall and re-install the product?
    ~Mandy

Maybe you are looking for

  • Converting doc to pdf

    When I click create pdf from file, then chose my file, it takes a minute, opens both word and adobe, then both show up blank. I am never given an error message. I've also tried printing it to adobe pdf from word and it does the same thing. I used to

  • Having trouble embedding image with FB

    Noob here. I have a Photoshop file which I opened in Fireworks so I could export it as fxg. This is all I'm trying to do, is open a WindowedApplication with a background image in it. FW exports an fxg file plus a folder with the png file in it. I put

  • Addressing another mac over LAN

    Hi, I have scripts I want to run in crontab - they run fine. but I don't know how! I am rsync'ing files from one mac to another. Both macs have the same naming on their two disks. i.e. both have /Volumes/Work I have to use /Volumes/Work-1 to access t

  • Default initial view that applies to all PDFs opened

    Is it possible to set a default PDF initial view that applies to every pdf opened, regardless of the source of the pdf?  Simply put, I want to have the initial view of EVERY pdf I open to be at 100% zoom and no bookmark panel.  Obviously this can be

  • 1315 series all in one printing problem

    Hello,  the printer suddenly won`t function.I asked to print a pdf document, but the function won`t start. In the status bar it says 3 pending documents, because i asked 2 more times to print this document as it woudn`t start. I have tried to cancel