TmpWatcher uses inotify to monitor a directory of your choosing (usually /tmp). If any world-writable files or directories are created in the monitored directory, a notification is logged and/or sent via the syslog protocol to a syslog server of your choosing. This is useful for passively discovering information disclosure, symlink race, or TOCTOU vulnerabilities. Instead of reading source code in search of vulnerabilities, simply configure TmpWatcher and go about your business. You can investigate any alerts TmpWatcher creates to see if they qualify as vulnerabilities.
"A symlink race is a kind of software security vulnerability that results from a program creating files in an insecure manner. A malicious user can create a symbolic link to a file not otherwise accessible to him or her. When the privileged program creates a file of the same name as the symbolic link, it actually creates the linked-to file instead, possibly inserting content desired by the malicious user (see example below), or even provided by the malicious user (as input to the program)." https://en.wikipedia.org/wiki/Symlink_race
Time-of-check to time-of-use (TOCTOU) vulnerabilities are the result of race conditions that occur between the time a software checks the status of a resource (in this case, a file or directory) and the time the software actually uses the resource. One common way that TOCTOU vulnerabilities are manifested is in world-writable files or directories within /tmp. If software creates world-writable files within /tmp, a malicious user could potentially create symlinks or otherwise manipulate the world-writable files in order to cross some security boundary. For an example of how this attack might work, see http://www.cis.syr.edu/~wedu/Teaching/IntrCompSec/LectureNotes_New/Race_Condition.pdf
For a discussion on how to safely create and use files in /tmp, see https://www.netmeister.org/blog/mktemp.html.
This tool is not intended to detect any kind of malware or intrusion. Rather, it is a vulnerability research tool which alerts a researcher of potential information disclosure, symlink race or TOCTOU vulnerabilities as the researcher goes about their daily activities. In this way, the researcher takes a passive approach to discovering these vulnerabilities, rather than a more active approach (e.g. code audits.)
For more information, see https://github.com/mssalvatore/tmpwatcher.
You are about to open
Do you wish to proceed?
Thank you for your report. Information you provided will help us investigate further.
There was an error while sending your report. Please try again later.
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
Snap can be installed from the command line on openSUSE Leap 15.x and Tumbleweed.
You need first add the snappy repository from the terminal. Choose the appropriate command depending on your installed openSUSE flavor.
Tumbleweed:
sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Tumbleweed snappy
Leap 15.x:
sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.6 snappy
If needed, Swap out openSUSE_Leap_15.
for, openSUSE_Leap_16.0
if you’re using a different version of openSUSE.
With the repository added, import its GPG key:
sudo zypper --gpg-auto-import-keys refresh
Finally, upgrade the package cache to include the new snappy repository:
sudo zypper dup --from snappy
Snap can now be installed with the following:
sudo zypper install snapd
You then need to either reboot, logout/login or source /etc/profile
to have /snap/bin added to PATH.
Additionally, enable and start both the snapd and the snapd.apparmor services with the following commands:
sudo systemctl enable --now snapd
sudo systemctl enable --now snapd.apparmor
To install TmpWatcher, simply use the following command:
sudo snap install tmpwatcher
Browse and find snaps from the convenience of your desktop using the snap store snap.
Interested to find out more about snaps? Want to publish your own application? Visit snapcraft.io now.