[Owasp-modsecurity-core-rule-set] Input filter: failed to create temporary file

Brian Rectanus Brian.Rectanus at breach.com
Mon Jan 11 15:46:07 EST 2010


Matthew Saltzman wrote:
> On Mon, 2010-01-11 at 12:57 -0500, Ryan Barnett wrote: 
>> On Monday 11 January 2010 12:50:00 pm Matthew Saltzman wrote:
>>> On Mon, 2010-01-11 at 11:57 -0500, Ryan Barnett wrote:
>>>> On Friday 08 January 2010 08:26:35 pm Matthew Saltzman wrote:
>>>>> Hello, I hope I'm in the right place--I'm a complete newbie at this and
>>>>> it's not my day job.
>>>>>
>>>>> Could someone please explain to me what's going on with the following:
>>>>>
>>>>>         [Fri Jan 08 13:07:45 2010] [error] [client 129.138.19.192] ModSecurity: Input filter: Failed to create temporary file: /tmp/httpd/20100108-130745-EHX6ekKtxHEAACF9asQAAAAB-request_body-RFm2a5 [hostname "projects.coin-or.org"] [uri "/Csdp/attachment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"]
>>>>>         [Fri Jan 08 13:07:45 2010] [error] [client 129.138.19.192] ModSecurity: Input filter: Failed to delete temporary file: /tmp/httpd/20100108-130745-EHX6ekKtxHEAACF9asQAAAAB-request_body-RFm2a5 [hostname "projects.coin-or.org"] [uri "/Csdp/attachment/wiki/WikiStart/"] [unique_id "EHX6ekKtxHEAACF9asQAAAAB"]
>>>>>
>>>>> I have a pristine installation of mod_security-2.5.9-1.el5 from the
>>>>> EPEL repository on a Red Hat Enterprise 5 system.  The problem is from
>>>>> a trac-0.11.5-1.el5.rf project page.
>>>>>
>>>>> If you need more info to help, I'm glad to provide whatever I can, or
>>>>> if I should be asking elsewhere, please let me know.  TIA for your kind
>>>>> assistance.
>>>> Matt,
>>>> Looking at the error message and the temporary path/filename ModSecurity
>>>> is attempting to create, this looks like it is related to either the
>>>> SecTmpDir or SecUploadDir directives -
>>>>
>>>> http://www.modsecurity.org/documentation/modsecurity-apache/2.5.11/modsecurity2-apache-reference.html#N10C18
>>>>
>>>> Check your mod configs and see where you have specified /tmp/httpd in
>>>> those directives.  You will need to follow the ownership/perms
>>>> requirements for these directives related to the Apache user.
>>> Both of these directives in modsecurity_crs_10_config.conf are set
>>> to /tmp.
>>>
>>> $ ls -ld /tmp
>>> drwxrwxrwt 7 root root 4096 Jan 11 12:45 /tmp
>>>
>>> Actually,
>>>
>>> $ ls -ldZ /tmp
>>> drwxrwxrwt. root root system_u:object_r:tmp_t:s0       /tmp
>>>
>>> Could this be an SELinux issue?
>>>
>> Good question.  Anyone else running SELinux run into similar perm issues?
>>
>> I will also check with Brian Rectanus (Lead Mod Developer).
> 
> Answering my own question: no, changing to permissive mode doesn't affect
> the error.

I don't think temp files will create the directory structure (working
from memory here).  Verify that it does not happen after creating
/tmp/httpd with mode 1777.  I would not create it there, though.  Better
in something like /var/httpd/modsec/tmp and used only for modsec.

-B

-- 
Brian Rectanus
Breach Security
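
The two checks suggested in this thread (find every place SecTmpDir or SecUploadDir is set, then confirm each directory exists and is usable) as an added shell example; it is not code from the thread or from the ModSecurity project. The conf file names and paths in the demo tree are constructed, and the result is only meaningful when the script runs as the Apache user (for example `sudo -u apache sh script.sh /etc/httpd`, where the account name and path are assumptions for a RHEL-style layout).

```shell
#!/bin/sh
# Added example (not ModSecurity project code). Run as the Apache user so the
# -w/-x tests reflect what httpd itself can do.

# Print "<file> <directive> <dir>" for every active SecTmpDir/SecUploadDir
# line in *.conf files below $1 (commented-out lines are skipped).
find_modsec_dirs() {
    find "$1" -type f -name '*.conf' -exec awk '
        { d = tolower($1) }
        d == "sectmpdir" || d == "secuploaddir" {
            gsub(/"/, "", $2)            # directive values may be quoted
            print FILENAME, $1, $2
        }' {} +
}

# Report the state of each configured directory; return 1 if any is unusable.
check_modsec_dirs() {
    find_modsec_dirs "$1" | (
        rc=0
        while read -r file directive dir; do
            if   [ ! -e "$dir" ]; then state=MISSING; rc=1
            elif [ ! -d "$dir" ]; then state=NOT_A_DIRECTORY; rc=1
            elif [ ! -w "$dir" ] || [ ! -x "$dir" ]; then state=NOT_WRITABLE; rc=1
            else state=OK
            fi
            printf '%-15s %-12s %s (set in %s)\n' "$state" "$directive" "$dir" "$file"
        done
        exit "$rc"
    )
}

# Constructed sample tree mirroring the thread: the CRS config file points at
# an existing directory, while a second (hypothetical) file sets SecTmpDir to
# a directory that nobody created.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/conf.d" "$root/modsec-tmp"
    printf 'SecTmpDir %s/modsec-tmp\nSecUploadDir %s/modsec-tmp\n' "$root" "$root" \
        > "$root/conf.d/modsecurity_crs_10_config.conf"
    printf '# SecTmpDir /ignored\n  SecTmpDir "%s/httpd"\n' "$root" \
        > "$root/conf.d/local_modsec.conf"
    echo "$root"
}

# With no argument, run against the constructed tree.
target=${1:-$(make_demo_tree)}
check_modsec_dirs "$target" || echo "at least one configured directory is unusable"
```

A `MISSING` line names the config file that carries the unexpected path, which is the file to edit once a dedicated directory has been created for ModSecurity.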

