The rkhunter package has the following set: TMPDIR=/var/lib/rkhunter which is world-readable: # ls -al /var/lib/rkhunter/ total 28 drwxr-xr-x 3 root root 4096 Oct 19 03:16 . It may thus be possible, that any file copied there by rkhunter, may have it's access restrictions prevented, which is also why the rkhunter.conf documentation already says: # NOTE: Do not use '/tmp' as your temporary directory. Some important files # will be written to this directory, so be sure that the directory permissions # are secure. Cheers, Chris.
I might be missing something, but I don't see any issue here... That dir is world readable, but not writable. Nothing inside it that is sensitive is readable to non priv users. rkhunter uses mktemp for temp files, so they should be fine. I suppose we could change the dir to 700, but I don't see a urgent reason to.
Read the documentation: rkhunter may copy temporary files (or parts of) from other system locations there in order to scan/analyze them. So you could have something like /etc/unaccessible-dir/readable-password-file which is copied there, and then the protection from unaccessible-dir no longer applies. The proper way is to use the default for TMPDIR, which is /var/lib/rkhunter/tmp and create that dir u=rwx,go= Cheers, Chris.
rkhunter-1.4.2-5.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.fc21
rkhunter-1.4.2-5.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.fc20
rkhunter-1.4.2-5.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.fc19
rkhunter-1.4.2-5.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.el7
rkhunter-1.4.2-4.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-4.el6
Package rkhunter-1.4.2-5.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rkhunter-1.4.2-5.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13683/rkhunter-1.4.2-5.fc20 then log in and leave karma (feedback).
rkhunter-1.4.2-5.fc20 works
rkhunter-1.4.2-5.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.2-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.2-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.2-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.2-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.