09 Tripwire fails the self-test, dumps core when building the database, and dumps core when verifying.





This article is from the comp.security.unix and comp.security.misc FAQ, by Alan J Rosenthal flaps@dgp.toronto.edu with numerous contributions by others.


Fails the self-test (on fast machines):

You have to slow it down (just the self-test scripts, not the tripwire binary
itself). The test scripts create and then update a file, and then fail to
detect that the timestamp has changed. But this is ok, because the timestamp
has indeed not changed, because this all happens within a second on some
modern machines. This occurs in a few places in the test scripts. If a
second-boundary happens to be crossed during this brief interval, then that
particular test will succeed, but another one might fail soon.

In the tests directory, edit 3 of the 4 files named test.*.sh:
in test.escape.sh, add "sleep 1" on line 46 (in the cert version), just before
running tripwire; in inter and update, uncomment the "sleep 1".
If this isn't good enough (obscure but can happen), use "sleep 2". See
ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/README-third

Dumps core when building the database (if you have 8-bit chars in filenames):

Tripwire 1.2 contains a bug relating to octal printing of 8-bit chars in file
names. The bug occurs in filename_escape() in src/utils.c. Double the size
of the "octal_array" to contain all 256 possible entries, and change
octal_array[(int)(*pcin)] to octal_array[*pcin & 255] farther down.
(This only works if you have eight-bit bytes, of course, but most of us do.)
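
The indexing problem and its fix, as an added example that is not Tripwire's own code: octal_table, escape_name and the sample file name are constructed for illustration, and only the two index expressions come from the text above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a table of octal escapes: one entry for each of
   the 256 possible byte values, as the fix requires. */
static char octal_table[256][5];

static void build_table(void) {
    for (int i = 0; i < 256; i++)
        snprintf(octal_table[i], sizeof octal_table[i], "\\%03o", i);
}

/* Index as written before the fix. Where plain char is signed, a byte
   >= 0x80 gives a negative value, i.e. a read before the table start. */
static int index_cast(const char *pcin) { return (int)(*pcin); }

/* Index after the fix: always in 0..255. */
static int index_masked(const char *pcin) { return *pcin & 255; }

/* Hypothetical escaper: printable ASCII is copied, every other byte
   becomes \ooo. Returns 0 on success, -1 if out is too small. */
static int escape_name(const char *in, char *out, size_t outsz) {
    size_t used = 0;
    build_table();
    for (const char *pcin = in; *pcin; pcin++) {
        int idx = index_masked(pcin);
        if (idx >= 0x20 && idx < 0x7f && idx != '\\') {
            if (used + 2 > outsz) return -1;   /* char + NUL */
            out[used++] = *pcin;
        } else {
            if (used + 5 > outsz) return -1;   /* \ooo + NUL */
            memcpy(out + used, octal_table[idx], 4);
            used += 4;
        }
    }
    if (used + 1 > outsz) return -1;
    out[used] = '\0';
    return 0;
}

int main(void) {
    const char name[] = "caf\xe9.txt";   /* constructed: Latin-1 e-acute */
    char buf[64];
    printf("cast index: %d, masked index: %d\n",
           index_cast(name + 3), index_masked(name + 3));
    if (escape_name(name, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```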

Dumps core when verifying (this bug surfaces on some systems only):

In config.parse.c just before the end of configfile_read(), on line 356 in
the tripwire 1.2 distribution, there is a "rewind(fpout);". It should be
conditional on "specified_configmode" as in the previous 'if' statement:
at this point the values "fpin" and "fpout" are the same (see line 184), so
it is actually rewinding the fp it might have closed in the previous line.
So simply add the word "else" before the "rewind". (Perhaps change "fpout"
to "fpin" for clarity, although this won't affect its behaviour.)

 
