Guide to the Linux Manual


lsof(8)

list open files

Security

Lsof has three features that may cause security concerns. First, its default compilation mode allows anyone to list all open files with it. Second, by default it creates a user-readable and user-writable device cache file in the home directory of the real user ID that executes lsof. (The list-all-open-files and device cache features may be disabled when lsof is compiled.) Third, its -k and -m options name alternate kernel name list or memory files.

Restricting the listing of all open files is controlled by the compile-time HASSECURITY and HASNOSOCKSECURITY options. When HASSECURITY is defined, lsof will allow only the root user to list all open files. The non-root user may list only open files of processes with the same user IDentification number as the real user ID number of the lsof process (the one that its user logged on with).

However, if HASSECURITY and HASNOSOCKSECURITY are both defined, anyone may list open socket files, provided they are selected with the -i option.

When HASSECURITY is not defined, anyone may list all open files.

Help output, presented in response to the -h or -? option, gives the status of the HASSECURITY and HASNOSOCKSECURITY definitions.

See the Security section of the 00README file of the lsof distribution for information on building lsof with the HASSECURITY and HASNOSOCKSECURITY options enabled.

Creation and use of a user-readable and user-writable device cache file is controlled by the compile-time HASDCACHE option. See the DEVICE CACHE FILE section and the sections that follow it for details on how its path is formed. For security considerations it is important to note that in the default lsof distribution, if the real user ID under which lsof is executed is root, the device cache file will be written in root's home directory - e.g., / or /root. When HASDCACHE is not defined, lsof does not write or attempt to read a device cache file.

When HASDCACHE is defined, the lsof help output, presented in response to the -h, -D?, or -? options, will provide device cache file handling information. When HASDCACHE is not defined, the -h or -? output will have no -D option description.

Before you decide to disable the device cache file feature - enabling it improves the performance of lsof by reducing the startup overhead of examining all the nodes in /dev (or /devices) - read the discussion of it in the 00DCACHE file of the lsof distribution and the lsof FAQ (The FAQ section gives its location.)

WHEN IN DOUBT, YOU CAN TEMPORARILY DISABLE THE USE OF THE DEVICE CACHE FILE WITH THE -Di OPTION.

When the lsof user declares alternate kernel name list or memory files with the -k and -m options, lsof checks the user's authority to read them with access(2). This is intended to prevent whatever special power lsof's modes might confer on it from letting it read files not normally accessible via the authority of the real user ID.
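As an added example (not from the lsof manual or distribution), a small POSIX shell helper that reads the -h help output described above and reports which HASSECURITY/HASNOSOCKSECURITY mode the binary was built with, and whether the device cache feature (HASDCACHE, visible as the -D option) was compiled in. The help-text phrases it matches are assumed from lsof's usage output, and the sample texts are constructed.

```shell
#!/bin/sh
# Inspect the text of `lsof -h` to learn how this lsof binary was built.
# ASSUMPTION: the phrases matched below are the ones lsof's usage output
# prints for the HASSECURITY / HASNOSOCKSECURITY cases; verify against
# your build's own `lsof -h` text before relying on them.

# Reads help text on stdin and prints one of:
#   open              HASSECURITY undefined: anyone may list all open files
#   root-only         HASSECURITY defined: only root lists all open files
#   root-sockets-open HASSECURITY + HASNOSOCKSECURITY: non-root may list
#                     socket files selected with -i
#   unknown           neither phrase found
lsof_security_mode() {
    help_text=$(cat)
    case "$help_text" in
        *"Only root can list all files"*"anyone can list socket files"*)
            echo root-sockets-open ;;
        *"Only root can list all files"*)
            echo root-only ;;
        *"Anyone can list all files"*)
            echo open ;;
        *)
            echo unknown ;;
    esac
}

# Prints yes if the help text describes a -D option, which lsof includes
# only when HASDCACHE was defined (so a device cache file may be written).
lsof_has_dcache() {
    if grep -q '^[[:space:]]*-D[[:space:]]'; then echo yes; else echo no; fi
}

# Constructed sample help texts (not real lsof output) so the checks run
# offline; they mimic only the lines the functions look at.
SAMPLE_DEFAULT='lsof 4.x
 Usage: lsof [options]
  Anyone can list all files.
  -D D   ?|i|b|r|u  device cache file handling'
SAMPLE_HARDENED='lsof 4.x
 Usage: lsof [options]
  Only root can list all files, but anyone can list socket files.'

# Against the installed binary, if any: lsof prints its help to stderr.
if command -v lsof >/dev/null 2>&1; then
    lsof -h 2>&1 | lsof_security_mode
    lsof -h 2>&1 | lsof_has_dcache
fi
```

If lsof_has_dcache reports yes and the cache file is unwanted, run lsof with -Di as the section advises.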