[Owasp-modsecurity-core-rule-set] Input filter: failed to create temporary file

Ryan Barnett ryan.barnett at breach.com
Mon Jan 11 12:57:45 EST 2010


On Monday 11 January 2010 12:50:00 pm Matthew Saltzman wrote:
> On Mon, 2010-01-11 at 11:57 -0500, Ryan Barnett wrote:
> > On Friday 08 January 2010 08:26:35 pm Matthew Saltzman wrote:
> > > Hello, I hope I'm in the right place--I'm a complete newbie at this and
> > > it's not my day job.
> > >
> > > Could someone please explain to me what's going on with the following:
> > >
> > >         [Fri Jan 08 13:07:45 2010] [error] [client 129.138.19.192]
> > >  ModSecurity: Input fi lter: Failed to create temporary file:
> > >  /tmp/httpd/20100108-130745-EHX6ekKtxHEAAC
> > > F9asQAAAAB-request_body-RFm2a5 [hostname "projects.coin-or.org"] [uri
> > > "/Csdp/att
> > >  achment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"] [Fri
> > > Jan 08 13:07:45 2010] [error] [client 129.138.19.192] ModSecurity:
> > > Input fi lter: Failed to delete temporary file:
> > >  /tmp/httpd/20100108-130745-EHX6ekKtxHEAAC
> > > F9asQAAAAB-request_body-RFm2a5 [hostname "projects.coin-or.org"] [uri
> > > "/Csdp/att
> > >  achment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"]
> > >
> > > I have a pristine installation of mod_security-2.5.9-1.el5 from the
> > > EPEL repository on a Red Hat Enterprise 5 system.  The problem is from
> > > a trac-0.11.5-1.el5.rf project page.
> > >
> > > If you need more info to help, I'm glad to provide whatever I can, or
> > > if I should be asking elsewhere, please let me know.  TIA for your kind
> > > assistance.
> >
> > Matt,
> > Looking at the error message and the temporary path/filename ModSecurity
> > is attempting to create, this looks like it is related to either the
> > SecTmpDir or SecUploadDir directives -
> >
> > http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/modsec
> >urity2-apache- reference.html#N10C18
> >
> > Check your mod configs and see where you have specified /tmp/httpd in
> > those directives.  You will need to follow the ownership/perms
> > requirements for these directives related to the Apache user.
> 
> Both of these directives in modsecurity_crs_10_config.conf are set
> to /tmp.
> 
> $ ls -ld /tmp
> drwxrwxrwt 7 root root 4096 Jan 11 12:45 /tmp
> 
> Actually,
> 
> $ ls -ldZ /tmp
> drwxrwxrwt. root root system_u:object_r:tmp_t:s0       /tmp
> 
> Could this be an SELinux issue?
> 

Good question.  Anyone else running SELinux run into similar perm issues?

I will also check with Brian Rectanus (Lead Mod Developer).

-Ryan


More information about the Owasp-modsecurity-core-rule-set mailing list