Bugtraq mailing list archives
Re: Tripwire temporary files
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail gov bc ca>
Date: Mon, 16 Jul 2001 15:50:51 -0700
In message <20010713080836.A161232 () messi uku fi>, "Jarno Huuskonen" writes:
If you look a little below you'll see a call to FileDelete(strName); So first you create a file with mkstemp and then unlink it. And because cFileArchive::OpenReadWrite(line 708) then opens the same file(name) without O_EXCL there still is a race. So I don't think this is a sufficient fix. You should make cFileArchive::OpenReadWrite use O_EXCL. I have --> untested <-- patch (probably fails horribly ;-) for this: http://www.uku.fi/~jhuuskon/Patches/tripwire-2.3.1-2-O_EXCL.patch
I applied your patch to the upcoming FreeBSD Tripwire-2.3.1 port. I tested it and it works!
We haven't had a chance to install the commercial version yet, however if the commercial version is vulnerable (I've notified TripwireSecurity of the possibility and I'm betting dollars to donuts that is might be) a possible workaround would be to create a shared library with a function named mktemp which would call mkstemp() as in the patches above, then execute tripwire using LD_PRELOAD to load the mktemp wrapper.On Thu, Jul 12, Cy Schubert - ITSD Open Systems Group wrote: Back in january the binary tripwire 2.2.1 for linux was statically compiled / linked. Can you use LD_PRELOAD with static executables ?
LD_PRELOAD only works on dynamically linked binaries. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert () osg gov bc ca Open Systems Group, ITSD, ISTA Province of BC
Current thread:
- Tripwire temporary files Jarno Huuskonen (Jul 09)
- Re: Tripwire temporary files Charles Stevenson (Jul 10)
- Re: Tripwire temporary files Cy Schubert - ITSD Open Systems Group (Jul 15)
- Re: Tripwire temporary files Jarno Huuskonen (Jul 15)
- Re: Tripwire temporary files Cy Schubert - ITSD Open Systems Group (Jul 16)
- Re: Tripwire temporary files Cy Schubert - ITSD Open Systems Group (Jul 15)
- Re: Tripwire temporary files Charles Stevenson (Jul 10)
- Re: Tripwire temporary files Paul Starzetz (Jul 10)
- Re: Tripwire temporary files Jarno Huuskonen (Jul 10)