[Owasp-modsecurity-core-rule-set] Input filter: failed to create temporary file

Brian Rectanus Brian.Rectanus at breach.com
Thu Jan 14 20:00:46 EST 2010

Matthew Saltzman wrote:
> On Thu, 2010-01-14 at 13:22 -0800, Brian Rectanus wrote: 
>> Matthew Saltzman wrote:
>>> On Mon, 2010-01-11 at 22:04 -0500, Matthew Saltzman wrote: 
>>>> On Mon, 2010-01-11 at 12:46 -0800, Brian Rectanus wrote: 
>>>>> I don't think temp files will create the directory structure (working
>>>>> from memory here).  Verify that it does not happen after creating
>>>>> /tmp/httpd with mode 1777.  I would not create it there, though.  Better
>>>>> in something like /var/httpd/modsec/tmp and used only for modsec.
>>>> Interesting:
>>>>       * Making /tmp/httpd, mode 1777, owner apache:apache solves the
>>>>         problem.
>>>> This seems like a bug--you can't count on the directory to exist
>>>> (particularly if it lives in /tmp), so you have to check and either not
>>>> use it or create it.
>>>>       * Changing /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
>>>>         to point to a different directory for SecUploadDir, SecDataDir,
>>>>         and SecTmpDir and either reloading or restarting httpd doesn't
>>>>         change where the file is created--it's still in /tmp. 
>>>>       * Moving the directives to modsecurity_localrules.conf has the
>>>>         same lack of effect on the location where the file is written.
>>>> So either I'm doing something wrong here, or my directives are being
>>>> ignored for some reason.  More hints welcome.
>>>> Thanks for your help so far.
>>> Any suggestions how I should follow this up?  Can anyone confirm that
>>> it's a bug or explain how to work around it?  Or should I be taking it
>>> to a different list?
>>> Thanks.
>> If the directives are not changing it, then maybe they are set later on
>> in the config somewhere (ie overwriting your change)?  I suggest you
>> grep for where SecTmpDir may be set in another location.
> The only occurrences I can find are
> in /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf and 
> /etc/httpd/modsecurity.d/modsecurity_localrules.conf.  The former came
> with the installation, the latter are my changes, which AIUI will
> override the ones in the file that sorts earlier.  There is one instance
> of each directive in each of the files.  Also, changing the ones in
> modsecurity_crs_10_config.conf didn't seem to help either.
>> -B

Then I'll take a look when I get a chance and verify it is working for me.


Brian Rectanus
Breach Security

More information about the Owasp-modsecurity-core-rule-set mailing list