[Owasp-modsecurity-core-rule-set] Input filter: failed to create temporary file

Matthew Saltzman mjs at clemson.edu
Thu Jan 14 19:03:14 EST 2010


On Thu, 2010-01-14 at 13:22 -0800, Brian Rectanus wrote: 
> Matthew Saltzman wrote:
> > On Mon, 2010-01-11 at 22:04 -0500, Matthew Saltzman wrote: 
> >> On Mon, 2010-01-11 at 12:46 -0800, Brian Rectanus wrote: 
> >>> I don't think temp files will create the directory structure (working
> >>> from memory here).  Verify that it does not happen after creating
> >>> /tmp/httpd with mode 1777.  I would not create it there, though.  Better
> >>> in something like /var/httpd/modsec/tmp and used only for modsec.
> >> Interesting:
> >>
> >>       * Making /tmp/httpd, mode 1777, owner apache:apache solves the
> >>         problem.
> >>
> >> This seems like a bug--you can't count on the directory to exist
> >> (particularly if it lives in /tmp), so you have to check and either not
> >> use it or create it.
> >>
> >>       * Changing /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
> >>         to point to a different directory for SecUploadDir, SecDataDir,
> >>         and SecTmpDir and either reloading or restarting httpd doesn't
> >>         change where the file is created--it's still in /tmp. 
> >>       * Moving the directives to modsecurity_localrules.conf has the
> >>         same lack of effect on the location where the file is written.
> >>
> >> So either I'm doing something wrong here, or my directives are being
> >> ignored for some reason.  More hints welcome.
> >>
> >> Thanks for your help so far.
> > 
> > Any suggestions how I should follow this up?  Can anyone confirm that
> > it's a bug or explain how to work around it?  Or should I be taking it
> > to a different list?
> > 
> > Thanks.
> 
> If the directives are not changing it, then maybe they are set later on
> in the config somewhere (ie overwriting your change)?  I suggest you
> grep for where SecTmpDir may be set in another location.

The only occurrences I can find are
in /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf and 
/etc/httpd/modsecurity.d/modsecurity_localrules.conf.  The former came
with the installation, the latter are my changes, which AIUI will
override the ones in the file that sorts earlier.  There is one instance
of each directive in each of the files.  Also, changing the ones in
modsecurity_crs_10_config.conf didn't seem to help either.

> 
> -B
> 

-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs


More information about the Owasp-modsecurity-core-rule-set mailing list