Date: Sun, 12 Mar 2000 23:00:55 -0500 (EST) From: adrian@ubergeeks.com To: FreeBSD-gnats-submit@freebsd.org Subject: ports/17350: patches for tripwire: mktemp() and more Message-ID: <200003130400.XAA78103@newbie.cho.cstone.net>
next in thread | raw e-mail | index | archive | help
>Number: 17350
>Category: ports
>Synopsis: tripwire used mktemp(), siggen not installed, not packagable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 12 20:10:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Adrian Filipi-Martin
>Release: FreeBSD 3.4-RELEASE i386
>Organization:
Ubergeeks Consulting
>Environment:
Under 3.4-RELEASE with /usr/ports from 03/08/00.
>Description:
Three problems:
(1) siggen(8) had it's manpage installed, but the binary was not
installed.
(2) Linking produced warnings about using mktemp(3) in possibly
insecure ways. Source is probably vulnerable to race-conditions
in /tmp.
(3) The port could not be used to make a package, even if it could
not be distributed as such.
>How-To-Repeat:
cd /usr/ports/security/tripwire
make
make package
man siggen
siggen
>Fix:
Attached is a sharfile containing the "fixed" port. The .orig
files can be used to generate diff's for the port related files.
Note a XXX.orig file with no corresponting XXX file indicates
that the file, XXX, was removed.
The patches/patch-b? files are the patches necessary to replace
all uses of mktemp(3) with mkstemp(3). The look fine and work
for me, but I would welcome another set of eyes making sure I
didn't blow the semantics of the code in a subtle manner.
To make the port more "packagable", I removed the "make a floppy"
feature of the top level makefile. This isn't a great loss
since it is not a valid means of maintaining the tripwire
database files over the long haul.
While at it, I also silenced bogus warning about files that
do not normally exist under 4.4BSD and its derivatives. I also
took the liberty of relocating the DB from /var/adm to /var/db
since this is a more consistent use of the /var hierarchy.
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# .
# ./files
# ./files/tw.conf.freebsd2.orig
# ./files/conf-freebsd2.h
# ./files/md5
# ./files/tw.conf.freebsd2
# ./files/twcheck.orig
# ./patches
# ./patches/patch-aa.orig
# ./patches/patch-aa
# ./patches/patch-ab
# ./patches/patch-ac
# ./patches/patch-ba
# ./patches/patch-bb
# ./patches/patch-bc
# ./patches/patch-bd
# ./patches/patch-be
# ./patches/patch-bf
# ./Makefile
# ./pkg
# ./pkg/PLIST.orig
# ./pkg/COMMENT
# ./pkg/DESCR
# ./pkg/PLIST
# ./pkg/INSTALL
# ./pkg/DESCR.orig
# ./Makefile.orig
#
echo c - .
mkdir -p . > /dev/null 2>&1
echo c - ./files
mkdir -p ./files > /dev/null 2>&1
echo x - ./files/tw.conf.freebsd2.orig
sed 's/^X//' >./files/tw.conf.freebsd2.orig << 'END-of-./files/tw.conf.freebsd2.orig'
X# $FreeBSD: ports/security/tripwire/files/tw.conf.freebsd2,v 1.5 1999/08/31 01:51:58 peter Exp $
X#
X# tripwire.config
X# Generic version for FreeBSD
X# Will need editing...see comments below
X#
X# This file contains a list of files and directories that System
X# Preener will scan. Information collected from these files will be
X# stored in the tripwire.database file.
X#
X# Format: [!|=] entry [ignore-flags]
X#
X# where: '!' signifies the entry is to be pruned (inclusive) from
X# the list of files to be scanned.
X# '=' signifies the entry is to be added, but if it is
X# a directory, then all its contents are pruned
X# (useful for /tmp).
X#
X# where: entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X# [template][ [+|-][pinugsam12] ... ]
X#
X# - : ignore the following atributes
X# + : do not ignore the following attributes
X#
X# p : permission and file mode bits a: access timestamp
X# i : inode number m: modification timestamp
X# n : number of links (ref count) c: inode creation timestamp
X# u : user id of owner 1: signature 1
X# g : group id of owner 2: signature 2
X# s : size of file
X#
X#
X# Ex: The following entry will scan all the files in /etc, and report
X# any changes in mode bits, inode number, reference count, uid,
X# gid, modification and creation timestamp, and the signatures.
X# However, it will ignore any changes in the access timestamp.
X#
X# /etc +pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unecessary.
X#
X# Templates: (default) R : [R]ead-only (+pinugsm12-a)
X# L : [L]og file (+pinug-sam12)
X# N : ignore [N]othing (+pinusgsamc12)
X# E : ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X# Ex: /etc/lp E+ug
X#
X# Example configuration file:
X# /etc R # all system files
X# !/etc/lp R # ...but not those logs
X# =/tmp N # just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template): Ignoring everything in a directory still monitors
X# for added and deleted files. Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly? Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant
X# protection is not needed. (See README and design document for further
X# details.)
X#
X
X# First, root's traditional "home". Note that FreeBSD's root's home (/root)
X# is protected by R-2 protections in the default config file.
X=/ L
X/.rhosts R # may not exist
X/.profile R # may not exist
X/.cshrc R # may not exist
X/.login R # may not exist
X/.exrc R # may not exist
X/.logout R # may not exist
X/.forward R # may not exist
X
X# Unix itself
X/kernel R
X
X# /bin
X/bin R-2
X
X# /dev
X/dev L
X
X# /etc
X/etc R-2
X/etc/aliases L
X/etc/dumpdates L
X/etc/motd L
X
X# my passwd database should be static at time of system build. yours may
X# not be, if not, uncomment the lines below.
X
X# /etc/passwd L
X# /etc/master.passwd L
X# /etc/pwd.db L
X# /etc/spwd.db L
X
X# /home
X=/home
X
X# /lkm and /modules
X/lkm R-2
X/modules R-2
X
X# /boot
X/boot R-2
X
X# /root
X/root R-2
X/root/.history L
X
X# /sbin
X/sbin R-2
X
X# /stand
X/stand R-2
X
X# /usr/bin
X/usr/bin R-2
X
X/usr/include R-12
X
X/usr/lib R-2
X
X/usr/libdata R-2
X
X/usr/libexec R-2
X
X/usr/local/bin R-2
X
X/usr/local/etc L
X
X/usr/local/lib R-2
X
X/usr/local/libexec R-2
X
X/usr/local/sbin R-2
X
X/usr/local/share R-2
X
X/usr/sbin R-2
X
X/usr/share R-2
X
X###########################################
END-of-./files/tw.conf.freebsd2.orig
echo x - ./files/conf-freebsd2.h
sed 's/^X//' >./files/conf-freebsd2.h << 'END-of-./files/conf-freebsd2.h'
X/* $FreeBSD: ports/security/tripwire/files/conf-freebsd2.h,v 1.2 1999/08/31 01:51:57 peter Exp $ */
X
X/*
X * conf-freebsd2.h
X *
X * Tripwire configuration file
X *
X * Joe Greco
X * sol.net Network Services
X * Derived from the other BSD config.h's
X */
X
X/***
X *** Operating System specifics
X ***
X *** If the answer to a question in the comment is "Yes", then
X *** change the corresponding "#undef" to a "#define"
X ***/
X
X/*
X * is your OS a System V derivitive? if so, what version?
X * (e.g., define SYSV 4)
X */
X
X#undef SYSV
X
X/*
X * does your system have a <malloc.h> like System V?
X */
X
X#undef MALLOCH
X
X/*
X * does your system have a <stdlib.h> like POSIX says you should?
X */
X
X#define STDLIBH
X
X/*
X * does your system use readdir(3) that returns (struct dirent *)?
X */
X
X#define DIRENT
X
X/*
X * is #include <string.h> ok? (as opposed to <strings.h>)
X */
X
X#define STRINGH
X
X/*
X * does your system have gethostname(2) (instead of uname(2))?
X */
X
X#define GETHOSTNAME
END-of-./files/conf-freebsd2.h
echo x - ./files/md5
sed 's/^X//' >./files/md5 << 'END-of-./files/md5'
XMD5 (tripwire-1.2.tar.Z) = c82e0327e0caa1821e3e564fa1938d88
END-of-./files/md5
echo x - ./files/tw.conf.freebsd2
sed 's/^X//' >./files/tw.conf.freebsd2 << 'END-of-./files/tw.conf.freebsd2'
X# $FreeBSD: ports/security/tripwire/files/tw.conf.freebsd2,v 1.5 1999/08/31 01:51:58 peter Exp $
X#
X# tripwire.config
X# Generic version for FreeBSD
X# Will need editing...see comments below
X#
X# This file contains a list of files and directories that System
X# Preener will scan. Information collected from these files will be
X# stored in the tripwire.database file.
X#
X# Format: [!|=] entry [ignore-flags]
X#
X# where: '!' signifies the entry is to be pruned (inclusive) from
X# the list of files to be scanned.
X# '=' signifies the entry is to be added, but if it is
X# a directory, then all its contents are pruned
X# (useful for /tmp).
X#
X# where: entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X# [template][ [+|-][pinugsam12] ... ]
X#
X# - : ignore the following atributes
X# + : do not ignore the following attributes
X#
X# p : permission and file mode bits a: access timestamp
X# i : inode number m: modification timestamp
X# n : number of links (ref count) c: inode creation timestamp
X# u : user id of owner 1: signature 1
X# g : group id of owner 2: signature 2
X# s : size of file
X#
X#
X# Ex: The following entry will scan all the files in /etc, and report
X# any changes in mode bits, inode number, reference count, uid,
X# gid, modification and creation timestamp, and the signatures.
X# However, it will ignore any changes in the access timestamp.
X#
X# /etc +pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unecessary.
X#
X# Templates: (default) R : [R]ead-only (+pinugsm12-a)
X# L : [L]og file (+pinug-sam12)
X# N : ignore [N]othing (+pinusgsamc12)
X# E : ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X# Ex: /etc/lp E+ug
X#
X# Example configuration file:
X# /etc R # all system files
X# !/etc/lp R # ...but not those logs
X# =/tmp N # just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template): Ignoring everything in a directory still monitors
X# for added and deleted files. Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly? Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant
X# protection is not needed. (See README and design document for further
X# details.)
X#
X
X# First, root's traditional "home". Note that FreeBSD's root's home (/root)
X# is protected by R-2 protections in the default config file.
X=/ L
X#/.rhosts R # may not exist
X#/.profile R # may not exist
X#/.cshrc R # may not exist
X#/.login R # may not exist
X#/.exrc R # may not exist
X#/.logout R # may not exist
X#/.forward R # may not exist
X
X# Unix itself
X/kernel R
X
X# /bin
X/bin R-2
X
X# /dev
X/dev L
X
X# /etc
X/etc R-2
X/etc/aliases L
X/etc/dumpdates L
X/etc/motd L
X
X# my passwd database should be static at time of system build. yours may
X# not be, if not, uncomment the lines below.
X
X# /etc/passwd L
X# /etc/master.passwd L
X# /etc/pwd.db L
X# /etc/spwd.db L
X
X# /home
X=/home
X
X# /lkm and /modules
X/lkm R-2
X/modules R-2
X
X# /boot
X/boot R-2
X
X# /root
X/root R-2
X/root/.history L
X
X# /sbin
X/sbin R-2
X
X# /stand
X/stand R-2
X
X# /usr/bin
X/usr/bin R-2
X
X/usr/include R-12
X
X/usr/lib R-2
X
X/usr/libdata R-2
X
X/usr/libexec R-2
X
X/usr/local/bin R-2
X
X/usr/local/etc L
X
X/usr/local/lib R-2
X
X/usr/local/libexec R-2
X
X/usr/local/sbin R-2
X
X/usr/local/share R-2
X
X/usr/sbin R-2
X
X/usr/share R-2
X
X###########################################
END-of-./files/tw.conf.freebsd2
echo x - ./files/twcheck.orig
sed 's/^X//' >./files/twcheck.orig << 'END-of-./files/twcheck.orig'
X#! /bin/sh -
X
X./gunzip < tw.db_`hostname`.gz | ./tripwire -dfd 0 -c tw.config
END-of-./files/twcheck.orig
echo c - ./patches
mkdir -p ./patches > /dev/null 2>&1
echo x - ./patches/patch-aa.orig
sed 's/^X//' >./patches/patch-aa.orig << 'END-of-./patches/patch-aa.orig'
X*** include/config.h.orig Fri Jul 15 06:02:52 1994
X--- include/config.h Sun Dec 31 18:56:20 1989
X***************
X*** 17,23 ****
X *** file that corresponds with your operating system.
X ***/
X
X! #include "../configs/conf-svr4.h"
X
X #ifdef TW_TYPE32
X typedef TW_TYPE32 int32;
X--- 17,23 ----
X *** file that corresponds with your operating system.
X ***/
X
X! #include "../configs/conf-freebsd2.h"
X
X #ifdef TW_TYPE32
X typedef TW_TYPE32 int32;
X***************
X*** 103,110 ****
X #endif
X */
X
X! #define CONFIG_PATH "/tmp/genek"
X! #define DATABASE_PATH "/tmp/genek"
X
X /******* name of Tripwire files **************************************
X *
X--- 103,110 ----
X #endif
X */
X
X! # define CONFIG_PATH "/var/adm/tcheck"
X! # define DATABASE_PATH "/var/adm/tcheck/databases"
X
X /******* name of Tripwire files **************************************
X *
END-of-./patches/patch-aa.orig
echo x - ./patches/patch-aa
sed 's/^X//' >./patches/patch-aa << 'END-of-./patches/patch-aa'
X*** include/config.h.orig Fri Jul 15 06:02:52 1994
X--- include/config.h Sun Dec 31 18:56:20 1989
X***************
X*** 17,23 ****
X *** file that corresponds with your operating system.
X ***/
X
X! #include "../configs/conf-svr4.h"
X
X #ifdef TW_TYPE32
X typedef TW_TYPE32 int32;
X--- 17,23 ----
X *** file that corresponds with your operating system.
X ***/
X
X! #include "../configs/conf-freebsd2.h"
X
X #ifdef TW_TYPE32
X typedef TW_TYPE32 int32;
X***************
X*** 103,110 ****
X #endif
X */
X
X! #define CONFIG_PATH "/tmp/genek"
X! #define DATABASE_PATH "/tmp/genek"
X
X /******* name of Tripwire files **************************************
X *
X--- 103,110 ----
X #endif
X */
X
X! # define CONFIG_PATH "/usr/local/etc"
X! # define DATABASE_PATH "/var/db/tripwire"
X
X /******* name of Tripwire files **************************************
X *
END-of-./patches/patch-aa
echo x - ./patches/patch-ab
sed 's/^X//' >./patches/patch-ab << 'END-of-./patches/patch-ab'
X*** Makefile.orig Mon Jul 25 10:59:41 1994
X--- Makefile Thu Jan 2 12:04:35 1997
X***************
X*** 12,21 ****
X ###
X
X # destination directory for final executables
X! DESTDIR = /secureplace/bin
X
X # destination for man pages
X! MANDIR = /usr/man
X
X # system utilities
X LEX = lex
X--- 12,21 ----
X ###
X
X # destination directory for final executables
X! DESTDIR = /usr/local/bin
X
X # destination for man pages
X! MANDIR = /usr/local/man
X
X # system utilities
X LEX = lex
X***************
X*** 60,66 ****
X #CPP = /lib/cpp # on older systems
X
X # make sure libraries are not linked dynamically (as a security measure)
X! LDFLAGS= # common
X #LDFLAGS= -non_shared # OSF/1
X #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
X # on Solaris 2.3)
X--- 60,67 ----
X #CPP = /lib/cpp # on older systems
X
X # make sure libraries are not linked dynamically (as a security measure)
X! LDFLAGS= -static
X! #LDFLAGS= # common
X #LDFLAGS= -non_shared # OSF/1
X #LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
X # on Solaris 2.3)
END-of-./patches/patch-ab
echo x - ./patches/patch-ac
sed 's/^X//' >./patches/patch-ac << 'END-of-./patches/patch-ac'
XThis patch eliminates a compiler warning about LITTLE_ENDIAN begin
Xredefined.
X
X*** sigs/sha/sha.c.orig Mon Jul 25 08:46:45 1994
X--- sigs/sha/sha.c Mon Mar 31 19:55:23 1997
X***************
X*** 47,52 ****
X--- 47,54 ----
X #include "sha.h"
X
X #if BYTEORDER == 0x1234
X+ #undef BIG_ENDIAN
X+ #undef LITTLE_ENDIAN
X #define LITTLE_ENDIAN
X #endif
X
END-of-./patches/patch-ac
echo x - ./patches/patch-ba
sed 's/^X//' >./patches/patch-ba << 'END-of-./patches/patch-ba'
X--- src/config.parse.c.orig Sun Mar 12 18:56:09 2000
X+++ src/config.parse.c Sun Mar 12 19:04:00 2000
X@@ -55,7 +55,7 @@
X #endif
X
X /* prototypes */
X-char *mktemp();
X+int mkstemp();
X static void configfile_descend();
X
X #ifndef L_tmpnam
X@@ -82,6 +82,7 @@
X struct list **pp_entry_list;
X {
X FILE *fpin, *fpout = (FILE *) NULL;
X+ int fd;
X char filename[MAXPATHLEN+512];
X char ignorestring[1024];
X char s[MAXPATHLEN+1024];
X@@ -98,18 +99,6 @@
X if (!printpreprocess && !quietmode)
X fputs("### Phase 1: Reading configuration file\n", stderr);
X
X- /* generate temporary file name */
X- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
X- perror("configfile_read: malloc()");
X- exit(1);
X- };
X- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X-
X- if ((char *) mktemp(tmpfilename) == NULL) {
X- perror("configfile_read: mktemp()");
X- exit(1);
X- }
X-
X /* generate configuration file name */
X if (specified_configmode != SPECIFIED_FILE)
X sprintf(configfile, "%s/%s", config_path, config_file);
X@@ -149,8 +138,20 @@
X
X err = umask(077); /* to protect the tempfile */
X
X- if ((fpout = fopen(tmpfilename, "w+")) == NULL) {
X- sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
X+ /* generate temporary file name */
X+ if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
X+ perror("configfile_read: malloc()");
X+ exit(1);
X+ };
X+ (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X+
X+ if ((fd = mkstemp(tmpfilename)) == -1) {
X+ perror("configfile_read: mkstemp()");
X+ exit(1);
X+ }
X+
X+ if ((fpout = fdopen(fd, "w+")) == NULL) {
X+ sprintf(s, "tripwire: Couldn't open tem config file '%s'", tmpfilename);
X perror(s);
X exit(1);
X }
END-of-./patches/patch-ba
echo x - ./patches/patch-bb
sed 's/^X//' >./patches/patch-bb << 'END-of-./patches/patch-bb'
X--- src/dbase.build.c.orig Sun Mar 12 18:51:12 2000
X+++ src/dbase.build.c Sun Mar 12 19:22:29 2000
X@@ -66,7 +66,7 @@
X int files_scanned_num = 0;
X
X /* prototypes */
X-char *mktemp();
X+int mkstemp();
X static void database_record_write();
X
X char backupfile[MAXPATHLEN+256];
X@@ -123,27 +123,6 @@
X
X oldumask = umask(077);
X
X- /* where do we write the new database? */
X- if (mode == DBASE_TEMPORARY) {
X- char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
X- if (tmpfilename == NULL)
X- die_with_err("malloc() failed in database_build", (char *) NULL);
X- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X-
X- if ((char *) mktemp(tmpfilename) == NULL)
X- die_with_err("database_build: mktemp()", (char *) NULL);
X-
X- (void) strcpy(tempdatabase_file, tmpfilename);
X- (void) strcpy(database, tempdatabase_file);
X- free(tmpfilename);
X- } /* end if temporary database */
X- else if (mode == DBASE_UPDATE) {
X- sprintf(database, "./databases/%s", database_file);
X- } /* end if update mode */
X- else {
X- sprintf(database, "%s/%s", database_path, database_file);
X- } /* end if non-temporary database */
X-
X /* back up any existing database */
X if (mode == DBASE_UPDATE) {
X FILE *fpin, *fpout;
X@@ -223,9 +202,35 @@
X }
X }
X
X+ /* where do we write the new database? */
X+ if (mode == DBASE_TEMPORARY) {
X+ int fd;
X+ char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
X+ if (tmpfilename == NULL)
X+ die_with_err("malloc() failed in database_build", (char *) NULL);
X+ (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X+
X+ if ((fd = mkstemp(tmpfilename)) == -1)
X+ die_with_err("database_build: mkstemp(%s)", tmpfilename);
X+
X+ (void) strcpy(tempdatabase_file, tmpfilename);
X+ (void) strcpy(database, tempdatabase_file);
X+ free(tmpfilename);
X+ if ((fpw = fdopen(fd, "w")) == NULL)
X+ die_with_err("fdopen() failed.", (char *) NULL);
X+ } /* end if temporary database */
X+ else {
X+ if (mode == DBASE_UPDATE) {
X+ sprintf(database, "./databases/%s", database_file);
X+ } /* end if update mode */
X+ else {
X+ sprintf(database, "%s/%s", database_path, database_file);
X+ } /* end if non-temporary database */
X+ if ((fpw = fopen(database, "w")) == NULL)
X+ die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database);
X+ }
X+
X /* rebuild the database */
X- if ((fpw = fopen(database, "w")) == NULL)
X- die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database);
X
X (void) umask(oldumask);
X
END-of-./patches/patch-bb
echo x - ./patches/patch-bc
sed 's/^X//' >./patches/patch-bc << 'END-of-./patches/patch-bc'
X--- src/preen.c.orig Sun Mar 12 19:22:54 2000
X+++ src/preen.c Sun Mar 12 19:23:04 2000
X@@ -37,7 +37,6 @@
X static int numentriesread = 0; /* running count of @@contents */
X
X /* prototypes */
X-char *mktemp();
X static void olddbasefile_load();
X
X char *updatemodes[] = {
END-of-./patches/patch-bc
echo x - ./patches/patch-bd
sed 's/^X//' >./patches/patch-bd << 'END-of-./patches/patch-bd'
X--- src/siggen.c.orig Sun Mar 12 18:46:47 2000
X+++ src/siggen.c Sun Mar 12 18:50:54 2000
X@@ -52,7 +52,7 @@
X
X extern int optind;
X int debuglevel = 0;
X-char *mktemp();
X+int mkstemp();
X
X int (*pf_signatures [NUM_SIGS]) () = {
X SIG0FUNC,
X@@ -165,6 +165,7 @@
X
X if (readstdin) {
X FILE *fpout;
X+ int fd;
X /* generate temporary file name */
X if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
X perror("main: malloc()");
X@@ -172,15 +173,15 @@
X };
X (void) strcpy(tmpfilename, "/tmp/twzXXXXXX");
X
X- if ((char *) mktemp(tmpfilename) == NULL) {
X- perror("siggen: mktemp()");
X+ if ((fd = mkstemp(tmpfilename)) == -1) {
X+ perror("siggen: mkstemp()");
X exit(1);
X }
X
X /* output */
X- if (!(fpout = fopen(tmpfilename, "w"))) {
X+ if (!(fpout = fdopen(fd, "w"))) {
X char err[1024];
X- sprintf(err, "main: fopen(%s)", tmpfilename);
X+ sprintf(err, "main: fdopen(%d)", fd);
X perror(err);
X exit(1);
X }
END-of-./patches/patch-bd
echo x - ./patches/patch-be
sed 's/^X//' >./patches/patch-be << 'END-of-./patches/patch-be'
X--- src/utils.c.orig Sun Mar 12 18:43:45 2000
X+++ src/utils.c Sun Mar 12 18:46:30 2000
X@@ -789,13 +789,8 @@
X int fd;
X
X (void) strcpy(tmp, TEMPFILE_TEMPLATE);
X- if ((char *) mktemp(tmp) == NULL) {
X- perror("tempfilename_generate: mktemp()");
X- exit(1);
X- }
X-
X- if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) {
X- perror("tempfilename_generate: open()");
X+ if ((fd = mkstemp(tmp)) < 0) {
X+ perror("tempfilename_generate: mkstemp()");
X exit(1);
X }
X /* unlink right away to make sure no one can tamper with our file */
END-of-./patches/patch-be
echo x - ./patches/patch-bf
sed 's/^X//' >./patches/patch-bf << 'END-of-./patches/patch-bf'
X--- src/Makefile.orig Sun Mar 12 19:55:48 2000
X+++ src/Makefile Sun Mar 12 19:59:08 2000
X@@ -103,8 +103,8 @@
X .c.o:
X $(CC) $(CFLAGS) -c $<
X
X-install: tripwire
X- $(INSTALL) tripwire $(DESTDIR)
X+install: tripwire siggen
X+ $(INSTALL) $> $(DESTDIR)
X
X clean:
X -rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c help.c \
END-of-./patches/patch-bf
echo x - ./Makefile
sed 's/^X//' >./Makefile << 'END-of-./Makefile'
X# New ports collection makefile for: tripwire
X# Version required: 1.2
X# Date created: 31 Mar 1997
X# Whom: Joe Greco <jgreco@ns.sol.net>
X#
X# $FreeBSD: ports/security/tripwire/Makefile,v 1.6 1999/08/31 01:51:56 peter Exp $
X#
X
XDISTNAME= tripwire-1.2
XPKGNAME= ${DISTNAME}
XCATEGORIES= security net
XMASTER_SITES= ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/
XEXTRACT_SUFX= .tar.Z
X
XMAINTAINER= jgreco@ns.sol.net
X
XMAN5= tw.config.5
XMAN8= siggen.8 tripwire.8
XNO_CDROM= "cannot be redistributed for more than the cost of duplication"
XRESTRICTED= "contains crypto class algorithms"
X
Xpost-extract:
X @ (cd ${WRKDIR}; tar xf T1.2.tar)
X
Xpre-configure:
X @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
X @ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
X
Xpost-install:
X @ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${PREFIX}/etc/tw.config
X @ ${SHELL} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
X
X.include <bsd.port.mk>
END-of-./Makefile
echo c - ./pkg
mkdir -p ./pkg > /dev/null 2>&1
echo x - ./pkg/PLIST.orig
sed 's/^X//' >./pkg/PLIST.orig << 'END-of-./pkg/PLIST.orig'
Xbin/tripwire
END-of-./pkg/PLIST.orig
echo x - ./pkg/COMMENT
sed 's/^X//' >./pkg/COMMENT << 'END-of-./pkg/COMMENT'
XFile system security and verification program
END-of-./pkg/COMMENT
echo x - ./pkg/DESCR
sed 's/^X//' >./pkg/DESCR << 'END-of-./pkg/DESCR'
XTripwire is a tool that aids system administrators and
Xusers in monitoring a designated set of files for any changes.
XUsed with system files on a regular (e.g., daily) basis, Tripwire
Xcan notify system administrators of corrupted or tampered files,
Xso damage control measures can be taken in a timely manner.
X
XJoe Greco <jgreco@ns.sol.net>
END-of-./pkg/DESCR
echo x - ./pkg/PLIST
sed 's/^X//' >./pkg/PLIST << 'END-of-./pkg/PLIST'
Xetc/tw.config
Xbin/tripwire
Xbin/siggen
END-of-./pkg/PLIST
echo x - ./pkg/INSTALL
sed 's/^X//' >./pkg/INSTALL << 'END-of-./pkg/INSTALL'
X#!/bin/sh
X
XDBDIR=/var/db/tripwire
Xusage="usage: ${0##*/} pkg_name [ PRE-INSTALL | POST-INSTALL ]"
X
X# XXX: Would really like to have ${PREFIX} from pkg_add instead
X# of assuming /usr/local.
XPREFIX=/usr/local
X
Xif [ $# != 2 ]; then
X echo "${usage}" 1>&2
X exit 1
Xfi
X
Xcase $2 in
X PRE-INSTALL)
X # do nothing.
X ;;
X POST-INSTALL)
X echo "Creating initial tripwire database"
X mkdir -p ${DBDIR} &&
X cd ${DBDIR} &&
X ${PREFIX}/bin/tripwire -initialize &&
X exit 0 ||
X exit 1
X ;;
X *)
X echo "${usage}" 1>&2
X exit 1
X ;;
Xesac
END-of-./pkg/INSTALL
echo x - ./pkg/DESCR.orig
sed 's/^X//' >./pkg/DESCR.orig << 'END-of-./pkg/DESCR.orig'
XTripwire is a tool that aids system administrators and
Xusers in monitoring a designated set of files for any changes.
XUsed with system files on a regular (e.g., daily) basis, Tripwire
Xcan notify system administrators of corrupted or tampered files,
Xso damage control measures can be taken in a timely manner.
X
XIf "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the
X"make" command line, this port will write the tripwire database to
Xa floppy disk, which should then be write-protected and used as a
Xreference for future runs. The diskette should be formatted and
Xpresent in the "A" drive before starting the "make install" step.
X
XJoe Greco <jgreco@ns.sol.net>
END-of-./pkg/DESCR.orig
echo x - ./Makefile.orig
sed 's/^X//' >./Makefile.orig << 'END-of-./Makefile.orig'
X# New ports collection makefile for: tripwire
X# Version required: 1.2
X# Date created: 31 Mar 1997
X# Whom: Joe Greco <jgreco@ns.sol.net>
X#
X# $FreeBSD: ports/security/tripwire/Makefile,v 1.6 1999/08/31 01:51:56 peter Exp $
X#
X
XDISTNAME= tripwire-1.2
XCATEGORIES= security net
XMASTER_SITES= ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/
XEXTRACT_SUFX= .tar.Z
X
XMAINTAINER= jgreco@ns.sol.net
X
XMAN5= tw.config.5
XMAN8= siggen.8 tripwire.8
XNO_CDROM= "cannot be redistributed for more than the cost of duplication"
XNO_PACKAGE= "requires local database to be built"
XRESTRICTED= "contains crypto class algorithms"
X
Xpost-extract:
X @ (cd ${WRKDIR}; tar xf T1.2.tar)
X
Xpre-configure:
X @ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
X @ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
X
Xpost-install:
X @ ${MKDIR} /var/adm/tcheck
X @ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
X @ ${ECHO} Creating tripwire database
X @ (cd /var/adm/tcheck; tripwire -initialize)
X.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
X @ disklabel -w -B /dev/rfd0c fd1440
X @ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
X @ mount /dev/fd0c /mnt
X @ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
X @ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
X @ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
X > /mnt/tw.db_`hostname`.gz
X @ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
X @ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
X @ ${CHMOD} 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
X @ umount /mnt
X @ ${ECHO} Do not forget to remove and write-protect the floppy.
X.endif
X
X.include <bsd.port.mk>
END-of-./Makefile.orig
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003130400.XAA78103>