[Owasp-modsecurity-core-rule-set] Input filter: failed to create temporary file

Matthew Saltzman mjs at clemson.edu
Mon Jan 11 15:41:09 EST 2010


On Mon, 2010-01-11 at 12:57 -0500, Ryan Barnett wrote: 
> On Monday 11 January 2010 12:50:00 pm Matthew Saltzman wrote:
> > On Mon, 2010-01-11 at 11:57 -0500, Ryan Barnett wrote:
> > > On Friday 08 January 2010 08:26:35 pm Matthew Saltzman wrote:
> > > > Hello, I hope I'm in the right place--I'm a complete newbie at this and
> > > > it's not my day job.
> > > >
> > > > Could someone please explain to me what's going on with the following:
> > > >
> > > >         [Fri Jan 08 13:07:45 2010] [error] [client 129.138.19.192]
> > > >  ModSecurity: Input fi lter: Failed to create temporary file:
> > > >  /tmp/httpd/20100108-130745-EHX6ekKtxHEAAC
> > > > F9asQAAAAB-request_body-RFm2a5 [hostname "projects.coin-or.org"] [uri
> > > > "/Csdp/att
> > > >  achment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"] [Fri
> > > > Jan 08 13:07:45 2010] [error] [client 129.138.19.192] ModSecurity:
> > > > Input fi lter: Failed to delete temporary file:
> > > >  /tmp/httpd/20100108-130745-EHX6ekKtxHEAAC
> > > > F9asQAAAAB-request_body-RFm2a5 [hostname "projects.coin-or.org"] [uri
> > > > "/Csdp/att
> > > >  achment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"]
> > > >
> > > > I have a pristine installation of mod_security-2.5.9-1.el5 from the
> > > > EPEL repository on a Red Hat Enterprise 5 system.  The problem is from
> > > > a trac-0.11.5-1.el5.rf project page.
> > > >
> > > > If you need more info to help, I'm glad to provide whatever I can, or
> > > > if I should be asking elsewhere, please let me know.  TIA for your kind
> > > > assistance.
> > >
> > > Matt,
> > > Looking at the error message and the temporary path/filename ModSecurity
> > > is attempting to create, this looks like it is related to either the
> > > SecTmpDir or SecUploadDir directives -
> > >
> > > http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/modsec
> > >urity2-apache- reference.html#N10C18
> > >
> > > Check your mod configs and see where you have specified /tmp/httpd in
> > > those directives.  You will need to follow the ownership/perms
> > > requirements for these directives related to the Apache user.
> > 
> > Both of these directives in modsecurity_crs_10_config.conf are set
> > to /tmp.
> > 
> > $ ls -ld /tmp
> > drwxrwxrwt 7 root root 4096 Jan 11 12:45 /tmp
> > 
> > Actually,
> > 
> > $ ls -ldZ /tmp
> > drwxrwxrwt. root root system_u:object_r:tmp_t:s0       /tmp
> > 
> > Could this be an SELinux issue?
> > 
> 
> Good question.  Anyone else running SELinux run into similar perm issues?
> 
> I will also check with Brian Rectanus (Lead Mod Developer).

Answering my own question, no changing to permissive mode doesn't affect
the error.

> 
> -Ryan

-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs


More information about the Owasp-modsecurity-core-rule-set mailing list