[8987] in bugtraq
Re: Tripwire mess..
daemon@ATHENA.MIT.EDU (CyberPsychotic)
Fri Jan 8 12:50:15 1999
Date: Fri, 8 Jan 1999 12:31:40 +0500
Reply-To: fygrave@tigerteam.net
From: CyberPsychotic <mlists@GIZMO.KYRNET.KG>
X-To: Austin Schutz <tex@SHRUBBERY.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990106184150.07246@shrubbery.net>
~
~ I reported this to the author maybe a year and a half ago(?). I
~ was evidently not the first as the author already knew about the problem.
~ I would recommend against using security tools that are not properly
~ maintained. It's probably worth looking at the release date of a package
~ before using it and reconsidering if it hasn't been touched within the
~ last 6 months or year. There are probably other bugs lurking that the
~ author hasn't bothered to fix.
~
yes. After my post to bugtraq I had one private message from a person,
who pointed me to tripwire-1.3 source code, which is realeased for
Academic use by visualcomputing. I checked the source out, the bug which I
mentioned (marked with(*)(among some others) is fixed there(from
Changelog):
~
~ 1.3 (release) Fri Jul 17 18:02:53 PDT 1998
~ fixed database entry consistency bug.
~(*) fixed database filename construction routine.
~ made "loosedir" reporting the default. makes superfluous directory
~ changes go away.
~ made reports more succinct, and much more quiet when there's nothing
~ worth reporting.
~ updated manual.
~ added Visual Computing Corporation banner to startup.
~ eliminated RCS banners for any changed files (RCS no longer being
~ the source control system for our source archives).
~ pulled out user manual (.doc and .pdf files) out of Tripwire package.
~ will be distributed separately.
~ removed twdb_check.pl from Tripwire package.
~ updated README, README.FIRST, and COAST.info files.
~ aux directory is now util, to accommodate DOS FAT filename
~ restrictions.
I think Tripwire just went commercial and they do not feel to update their
old stuff anymore. I have mirrored the 1-3 version of tripwire at
http://www.underground.org.kg/security/tripwire if anyone is interested
(or you could get it from www.visualcomputing.com after filling in some
webform).
regards
Fyodor