[21551] in bugtraq
Re: Tripwire temporary files
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Mon Jul 16 22:23:48 2001
Message-Id: <200107162251.f6GMpNd15685@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: "Jarno Huuskonen" <Jarno.Huuskonen@uku.fi>
Cc: "Cy Schubert - ITSD Open Systems Group" <Cy.Schubert@uumail.gov.bc.ca>,
"Charles Stevenson" <core@ezlink.com>,
"Bugtraq" <bugtraq@securityfocus.com>,
"Vuln-dev" <vuln-dev@securityfocus.com>
In-reply-to: Your message of "Fri, 13 Jul 2001 08:08:37 +0300."
<20010713080836.A161232@messi.uku.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 16 Jul 2001 15:50:51 -0700
In message <20010713080836.A161232@messi.uku.fi>, "Jarno Huuskonen"
writes:
> If you look a little below you'll see a call to FileDelete(strName); So
> first you create a file with mkstemp and then unlink it. And because
> cFileArchive::OpenReadWrite(line 708) then opens the same file(name) without
> O_EXCL there still is a race. So I don't think this is a sufficient fix.
> You should make cFileArchive::OpenReadWrite use O_EXCL.
> I have --> untested <-- patch (probably fails horribly ;-) for this:
> http://www.uku.fi/~jhuuskon/Patches/tripwire-2.3.1-2-O_EXCL.patch
I applied your patch to the upcoming FreeBSD Tripwire-2.3.1 port. I
tested it and it works!
>
> > We haven't had a chance to install the commercial version yet, however
> > if the commercial version is vulnerable (I've notified TripwireSecurity
> > of the possibility and I'm betting dollars to donuts that is might be)
> > a possible workaround would be to create a shared library with a
> > function named mktemp which would call mkstemp() as in the patches
> > above, then execute tripwire using LD_PRELOAD to load the mktemp
> > wrapper.
>
> On Thu, Jul 12, Cy Schubert - ITSD Open Systems Group wrote:
> Back in january the binary tripwire 2.2.1 for linux was statically
> compiled / linked. Can you use LD_PRELOAD with static executables ?
LD_PRELOAD only works on dynamically linked binaries.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
