Re: Tripwire temporary files

[Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail gov bc ca>]

In message <20010713080836.A161232 () messi uku fi>, "Jarno Huuskonen" 
writes:
> If you look a little below you'll see a call to FileDelete(strName); So
> first you create a file with mkstemp and then unlink it. And because
> cFileArchive::OpenReadWrite(line 708) then opens the same file(name) without
> O_EXCL there still is a race. So I don't think this is a sufficient fix.
> You should make cFileArchive::OpenReadWrite use O_EXCL.
> I have --> untested <-- patch (probably fails horribly ;-) for this:
> http://www.uku.fi/~jhuuskon/Patches/tripwire-2.3.1-2-O_EXCL.patch

I applied your patch to the upcoming FreeBSD Tripwire-2.3.1 port.  I 
tested it  and it works!

> > We haven't had a chance to install the commercial version yet, however 
> > if the commercial version is vulnerable (I've notified TripwireSecurity 
> > of the possibility and I'm betting dollars to donuts that is might be) 
> > a possible workaround would be to create a shared library with a 
> > function named mktemp which would call mkstemp() as in the patches 
> > above, then execute tripwire using LD_PRELOAD to load the mktemp 
> > wrapper.
>
> On Thu, Jul 12, Cy Schubert - ITSD Open Systems Group wrote:
> Back in january the binary tripwire 2.2.1 for linux was statically
> compiled / linked. Can you use LD_PRELOAD with static executables ?

LD_PRELOAD only works on dynamically linked binaries.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC