Date:      Sun, 12 Mar 2000 23:00:55 -0500 (EST)
From:      adrian@ubergeeks.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/17350: patches for tripwire: mktemp() and more 
Message-ID:  <200003130400.XAA78103@newbie.cho.cstone.net>


>Number:         17350
>Category:       ports
>Synopsis:       tripwire used mktemp(), siggen not installed, not packagable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 12 20:10:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Adrian Filipi-Martin
>Release:        FreeBSD 3.4-RELEASE i386
>Organization:
Ubergeeks Consulting
>Environment:

	Under 3.4-RELEASE with /usr/ports from 03/08/00.

>Description:

	Three problems:

	(1) siggen(8) had its manpage installed, but the binary was not
	installed.

	(2) Linking produced warnings about using mktemp(3) in possibly
	insecure ways.  Source is probably vulnerable to race conditions
	in /tmp.

	(3) The port could not be used to make a package, even if it could
	not be distributed as such.

>How-To-Repeat:

	cd /usr/ports/security/tripwire
	make
	make package
	man siggen
	siggen

>Fix:
	
	Attached is a sharfile containing the "fixed" port.  The .orig
	files can be used to generate diffs for the port related files.
	Note that an XXX.orig file with no corresponding XXX file indicates
	that the file XXX was removed.

	The patches/patch-b? files are the patches necessary to replace
	all uses of mktemp(3) with mkstemp(3).  They look fine and work
	for me, but I would welcome another set of eyes making sure I
	didn't blow the semantics of the code in a subtle manner.

	To make the port more "packagable", I removed the "make a floppy"
	feature of the top level makefile.  This isn't a great loss
	since it is not a valid means of maintaining the tripwire
	database files over the long haul.

	While at it, I also silenced bogus warnings about files that
	do not normally exist under 4.4BSD and its derivatives.  I also
	took the liberty of relocating the DB from /var/adm to /var/db
	since this is a more consistent use of the /var hierarchy.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	.
#	./files
#	./files/tw.conf.freebsd2.orig
#	./files/conf-freebsd2.h
#	./files/md5
#	./files/tw.conf.freebsd2
#	./files/twcheck.orig
#	./patches
#	./patches/patch-aa.orig
#	./patches/patch-aa
#	./patches/patch-ab
#	./patches/patch-ac
#	./patches/patch-ba
#	./patches/patch-bb
#	./patches/patch-bc
#	./patches/patch-bd
#	./patches/patch-be
#	./patches/patch-bf
#	./Makefile
#	./pkg
#	./pkg/PLIST.orig
#	./pkg/COMMENT
#	./pkg/DESCR
#	./pkg/PLIST
#	./pkg/INSTALL
#	./pkg/DESCR.orig
#	./Makefile.orig
#
echo c - .
mkdir -p . > /dev/null 2>&1
echo c - ./files
mkdir -p ./files > /dev/null 2>&1
echo x - ./files/tw.conf.freebsd2.orig
sed 's/^X//' >./files/tw.conf.freebsd2.orig << 'END-of-./files/tw.conf.freebsd2.orig'
X# $FreeBSD: ports/security/tripwire/files/tw.conf.freebsd2,v 1.5 1999/08/31 01:51:58 peter Exp $
X#
X# tripwire.config
X# Generic version for FreeBSD
X#  Will need editing...see comments below
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tripwire.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam12] ... ]
X#
X# 	- :  ignore the following atributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner			1: signature 1
X#	g :  group id of owner			2: signature 2
X#	s :  size of file
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unecessary.
X#
X# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
X#				L :  [L]og file (+pinug-sam12)
X#				N :  ignore [N]othing (+pinusgsamc12)
X#				E :  ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+ug
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant 
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X
X#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
X#  is protected by R-2 protections in the default config file.
X=/		L
X/.rhosts	R	# may not exist
X/.profile	R	# may not exist
X/.cshrc		R	# may not exist
X/.login		R	# may not exist
X/.exrc		R	# may not exist
X/.logout	R	# may not exist
X/.forward	R	# may not exist
X
X# Unix itself
X/kernel		R
X
X# /bin
X/bin		R-2
X
X# /dev
X/dev	 	L
X
X# /etc
X/etc			R-2
X/etc/aliases	 	L
X/etc/dumpdates		L
X/etc/motd		L
X
X# my passwd database should be static at time of system build.  yours may
X# not be, if not, uncomment the lines below.
X
X# /etc/passwd		L
X# /etc/master.passwd	L
X# /etc/pwd.db		L
X# /etc/spwd.db		L
X
X# /home
X=/home
X
X# /lkm and /modules
X/lkm			R-2
X/modules		R-2
X
X# /boot
X/boot			R-2
X
X# /root
X/root			R-2
X/root/.history		L
X
X# /sbin
X/sbin			R-2
X
X# /stand
X/stand			R-2
X
X# /usr/bin
X/usr/bin		R-2
X
X/usr/include		R-12
X
X/usr/lib		R-2
X
X/usr/libdata		R-2
X
X/usr/libexec		R-2
X
X/usr/local/bin		R-2
X
X/usr/local/etc		L
X
X/usr/local/lib		R-2
X
X/usr/local/libexec	R-2
X
X/usr/local/sbin		R-2
X
X/usr/local/share	R-2
X
X/usr/sbin		R-2
X
X/usr/share		R-2
X
X###########################################
END-of-./files/tw.conf.freebsd2.orig
echo x - ./files/conf-freebsd2.h
sed 's/^X//' >./files/conf-freebsd2.h << 'END-of-./files/conf-freebsd2.h'
X/* $FreeBSD: ports/security/tripwire/files/conf-freebsd2.h,v 1.2 1999/08/31 01:51:57 peter Exp $ */
X
X/*
X * conf-freebsd2.h
X *
X *	Tripwire configuration file
X *
X * Joe Greco
X * sol.net Network Services
X * Derived from the other BSD config.h's
X */
X
X/***
X *** Operating System specifics
X ***	
X ***	If the answer to a question in the comment is "Yes", then
X ***	change the corresponding "#undef" to a "#define"
X ***/
X
X/*
X * is your OS a System V derivitive?  if so, what version?
X *			(e.g., define SYSV 4)
X */
X
X#undef SYSV
X
X/* 
X * does your system have a <malloc.h> like System V? 
X */
X
X#undef MALLOCH 	
X
X/* 
X * does your system have a <stdlib.h> like POSIX says you should? 
X */
X
X#define STDLIBH
X
X/*
X * does your system use readdir(3) that returns (struct dirent *)?
X */
X
X#define DIRENT
X
X/*
X * is #include <string.h> ok?  (as opposed to <strings.h>)
X */
X
X#define STRINGH
X 
X/* 
X * does your system have gethostname(2) (instead of uname(2))?
X */
X
X#define GETHOSTNAME
END-of-./files/conf-freebsd2.h
echo x - ./files/md5
sed 's/^X//' >./files/md5 << 'END-of-./files/md5'
XMD5 (tripwire-1.2.tar.Z) = c82e0327e0caa1821e3e564fa1938d88
END-of-./files/md5
echo x - ./files/tw.conf.freebsd2
sed 's/^X//' >./files/tw.conf.freebsd2 << 'END-of-./files/tw.conf.freebsd2'
X# $FreeBSD: ports/security/tripwire/files/tw.conf.freebsd2,v 1.5 1999/08/31 01:51:58 peter Exp $
X#
X# tripwire.config
X# Generic version for FreeBSD
X#  Will need editing...see comments below
X#
X# This file contains a list of files and directories that System 
X# Preener will scan.  Information collected from these files will be 
X# stored in the tripwire.database file.
X#
X# Format: 			[!|=] entry [ignore-flags]
X#
X# where:	 '!' signifies the entry is to be pruned (inclusive) from
X#				the list of files to be scanned.
X#		 '=' signifies the entry is to be added, but if it is
X#				a directory, then all its contents are pruned
X#				(useful for /tmp).
X#
X# where:	entry is the absolute pathname of a file or a directory
X#
X# where ignore-flags are in the format:
X#		[template][ [+|-][pinugsam12] ... ]
X#
X# 	- :  ignore the following atributes
X#	+ :  do not ignore the following attributes
X#
X#	p :  permission and file mode bits 	a: access timestamp
X#	i :  inode number			m: modification timestamp
X#	n :  number of links (ref count)	c: inode creation timestamp
X#	u :  user id of owner			1: signature 1
X#	g :  group id of owner			2: signature 2
X#	s :  size of file
X#
X#
X# Ex:   The following entry will scan all the files in /etc, and report
X#	any changes in mode bits, inode number, reference count, uid,
X#	gid, modification and creation timestamp, and the signatures.
X#	However, it will ignore any changes in the access timestamp.
X#
X#	/etc	+pinugsm12-a
X#
X# The following templates have been pre-defined to make these long ignore
X# mask descriptions unecessary.
X#
X# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
X#				L :  [L]og file (+pinug-sam12)
X#				N :  ignore [N]othing (+pinusgsamc12)
X#				E :  ignore [E]verything (-pinusgsamc12)
X#
X# By default, Tripwire uses the R template -- it ignores
X# only the access timestamp.
X#
X# You can use templates with modifiers, like:
X#	Ex:  /etc/lp	E+ug
X#
X#	Example configuration file:
X#		/etc		R	# all system files
X#		!/etc/lp	R	# ...but not those logs
X#		=/tmp		N	# just the directory, not its files
X#
X# Note the difference between pruning (via "!") and ignoring everything
X# (via "E" template):  Ignoring everything in a directory still monitors
X# for added and deleted files.  Pruning a directory will prevent Tripwire
X# from even looking in the specified directory.
X#
X#
X# Tripwire running slowly?  Modify your tripwire.config entries to
X# ignore the (signature 2) attribute when this computationally-exorbitant 
X# protection is not needed.  (See README and design document for further
X# details.)
X#
X
X#  First, root's traditional "home".  Note that FreeBSD's root's home (/root)
X#  is protected by R-2 protections in the default config file.
X=/		L
X#/.rhosts	R	# may not exist
X#/.profile	R	# may not exist
X#/.cshrc	R	# may not exist
X#/.login	R	# may not exist
X#/.exrc		R	# may not exist
X#/.logout	R	# may not exist
X#/.forward	R	# may not exist
X
X# Unix itself
X/kernel		R
X
X# /bin
X/bin		R-2
X
X# /dev
X/dev	 	L
X
X# /etc
X/etc			R-2
X/etc/aliases	 	L
X/etc/dumpdates		L
X/etc/motd		L
X
X# my passwd database should be static at time of system build.  yours may
X# not be, if not, uncomment the lines below.
X
X# /etc/passwd		L
X# /etc/master.passwd	L
X# /etc/pwd.db		L
X# /etc/spwd.db		L
X
X# /home
X=/home
X
X# /lkm and /modules
X/lkm			R-2
X/modules		R-2
X
X# /boot
X/boot			R-2
X
X# /root
X/root			R-2
X/root/.history		L
X
X# /sbin
X/sbin			R-2
X
X# /stand
X/stand			R-2
X
X# /usr/bin
X/usr/bin		R-2
X
X/usr/include		R-12
X
X/usr/lib		R-2
X
X/usr/libdata		R-2
X
X/usr/libexec		R-2
X
X/usr/local/bin		R-2
X
X/usr/local/etc		L
X
X/usr/local/lib		R-2
X
X/usr/local/libexec	R-2
X
X/usr/local/sbin		R-2
X
X/usr/local/share	R-2
X
X/usr/sbin		R-2
X
X/usr/share		R-2
X
X###########################################
END-of-./files/tw.conf.freebsd2
echo x - ./files/twcheck.orig
sed 's/^X//' >./files/twcheck.orig << 'END-of-./files/twcheck.orig'
X#! /bin/sh -
X
X./gunzip < tw.db_`hostname`.gz | ./tripwire -dfd 0 -c tw.config
END-of-./files/twcheck.orig
echo c - ./patches
mkdir -p ./patches > /dev/null 2>&1
echo x - ./patches/patch-aa.orig
sed 's/^X//' >./patches/patch-aa.orig << 'END-of-./patches/patch-aa.orig'
X*** include/config.h.orig	Fri Jul 15 06:02:52 1994
X--- include/config.h	Sun Dec 31 18:56:20 1989
X***************
X*** 17,23 ****
X   ***	file that corresponds with your operating system.
X   ***/
X  
X! #include "../configs/conf-svr4.h"
X  
X  #ifdef TW_TYPE32
X  typedef TW_TYPE32 int32;
X--- 17,23 ----
X   ***	file that corresponds with your operating system.
X   ***/
X  
X! #include "../configs/conf-freebsd2.h"
X  
X  #ifdef TW_TYPE32
X  typedef TW_TYPE32 int32;
X***************
X*** 103,110 ****
X  #endif
X  */
X  
X! #define CONFIG_PATH     "/tmp/genek"
X! #define DATABASE_PATH   "/tmp/genek"
X  
X  /******* name of Tripwire files **************************************
X   *
X--- 103,110 ----
X  #endif
X  */
X  
X! # define CONFIG_PATH     "/var/adm/tcheck"
X! # define DATABASE_PATH   "/var/adm/tcheck/databases"
X  
X  /******* name of Tripwire files **************************************
X   *
END-of-./patches/patch-aa.orig
echo x - ./patches/patch-aa
sed 's/^X//' >./patches/patch-aa << 'END-of-./patches/patch-aa'
X*** include/config.h.orig	Fri Jul 15 06:02:52 1994
X--- include/config.h	Sun Dec 31 18:56:20 1989
X***************
X*** 17,23 ****
X   ***	file that corresponds with your operating system.
X   ***/
X  
X! #include "../configs/conf-svr4.h"
X  
X  #ifdef TW_TYPE32
X  typedef TW_TYPE32 int32;
X--- 17,23 ----
X   ***	file that corresponds with your operating system.
X   ***/
X  
X! #include "../configs/conf-freebsd2.h"
X  
X  #ifdef TW_TYPE32
X  typedef TW_TYPE32 int32;
X***************
X*** 103,110 ****
X  #endif
X  */
X  
X! #define CONFIG_PATH     "/tmp/genek"
X! #define DATABASE_PATH   "/tmp/genek"
X  
X  /******* name of Tripwire files **************************************
X   *
X--- 103,110 ----
X  #endif
X  */
X  
X! # define CONFIG_PATH     "/usr/local/etc"
X! # define DATABASE_PATH   "/var/db/tripwire"
X  
X  /******* name of Tripwire files **************************************
X   *
END-of-./patches/patch-aa
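Review bot: in the second hunk of patch-aa DATABASE_PATH becomes "/var/db/tripwire", but the database is produced by pkg/INSTALL running `tripwire -initialize` from /var/db/tripwire. In the original port DATABASE_PATH was "/var/adm/tcheck/databases" while -initialize was run from /var/adm/tcheck, which indicates that initialize writes under ./databases of the current directory (patch-bb also shows a "./databases/%s" path for the non-default modes). Please verify that a fresh install leaves tw.db_`hostname` where tripwire later looks for it; if initialize does use ./databases, either set DATABASE_PATH to "/var/db/tripwire/databases" or have INSTALL move the file up one level.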
echo x - ./patches/patch-ab
sed 's/^X//' >./patches/patch-ab << 'END-of-./patches/patch-ab'
X*** Makefile.orig	Mon Jul 25 10:59:41 1994
X--- Makefile	Thu Jan  2 12:04:35 1997
X***************
X*** 12,21 ****
X  ###
X  
X  # destination directory for final executables
X! DESTDIR = /secureplace/bin
X  
X  # destination for man pages
X! MANDIR  = /usr/man
X  
X  # system utilities
X  LEX	= lex
X--- 12,21 ----
X  ###
X  
X  # destination directory for final executables
X! DESTDIR = /usr/local/bin
X  
X  # destination for man pages
X! MANDIR  = /usr/local/man
X  
X  # system utilities
X  LEX	= lex
X***************
X*** 60,66 ****
X  #CPP	= /lib/cpp		# on older systems
X  
X  # make sure libraries are not linked dynamically (as a security measure)
X! LDFLAGS=			# common
X  #LDFLAGS= -non_shared		# OSF/1
X  #LDFLAGS= -Bstatic		# SunOS 4 (cannot statically link tripwire
X                            	#          on Solaris 2.3)
X--- 60,67 ----
X  #CPP	= /lib/cpp		# on older systems
X  
X  # make sure libraries are not linked dynamically (as a security measure)
X! LDFLAGS= -static
X! #LDFLAGS=			# common
X  #LDFLAGS= -non_shared		# OSF/1
X  #LDFLAGS= -Bstatic		# SunOS 4 (cannot statically link tripwire
X                            	#          on Solaris 2.3)
END-of-./patches/patch-ab
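Review bot: the first hunk of patch-ab hardcodes DESTDIR to /usr/local/bin and MANDIR to /usr/local/man, and patch-aa likewise fixes CONFIG_PATH at /usr/local/etc, while the port's post-install copies tw.config to ${PREFIX}/etc. A build with a different PREFIX would install the binary and config into a different tree than the compiled-in paths. Substituting ${PREFIX} into these values (a pre-configure sed step, or passing them through MAKE_ARGS) would keep the two in step; pkg/INSTALL already records the same assumption in its XXX comment.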
echo x - ./patches/patch-ac
sed 's/^X//' >./patches/patch-ac << 'END-of-./patches/patch-ac'
XThis patch eliminates a compiler warning about LITTLE_ENDIAN begin
Xredefined.
X
X*** sigs/sha/sha.c.orig	Mon Jul 25 08:46:45 1994
X--- sigs/sha/sha.c	Mon Mar 31 19:55:23 1997
X***************
X*** 47,52 ****
X--- 47,54 ----
X  #include "sha.h"
X  
X  #if BYTEORDER == 0x1234
X+ #undef BIG_ENDIAN
X+ #undef LITTLE_ENDIAN
X  #define LITTLE_ENDIAN
X  #endif
X  
END-of-./patches/patch-ac
echo x - ./patches/patch-ba
sed 's/^X//' >./patches/patch-ba << 'END-of-./patches/patch-ba'
X--- src/config.parse.c.orig	Sun Mar 12 18:56:09 2000
X+++ src/config.parse.c	Sun Mar 12 19:04:00 2000
X@@ -55,7 +55,7 @@
X #endif
X 
X /* prototypes */
X-char *mktemp();
X+int mkstemp();
X static void configfile_descend();
X 
X #ifndef L_tmpnam
X@@ -82,6 +82,7 @@
X     struct list **pp_entry_list;
X {
X     FILE 	*fpin, *fpout = (FILE *) NULL;
X+    int		fd;
X     char	filename[MAXPATHLEN+512];
X     char	ignorestring[1024];
X     char	s[MAXPATHLEN+1024];
X@@ -98,18 +99,6 @@
X     if (!printpreprocess && !quietmode)
X 	fputs("### Phase 1:   Reading configuration file\n", stderr);
X 
X-    /* generate temporary file name */
X-    if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
X-	perror("configfile_read: malloc()");
X-	exit(1);
X-    };
X-    (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X-
X-    if ((char *) mktemp(tmpfilename) == NULL) {
X-	perror("configfile_read: mktemp()");
X-	exit(1);
X-    }
X-
X     /* generate configuration file name */
X     if (specified_configmode != SPECIFIED_FILE)
X 	sprintf(configfile, "%s/%s", config_path, config_file);
X@@ -149,8 +138,20 @@
X 
X     err = umask(077);  /* to protect the tempfile */
X 
X-    if ((fpout = fopen(tmpfilename, "w+")) == NULL) {
X-	sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
X+    /* generate temporary file name */
X+    if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
X+	perror("configfile_read: malloc()");
X+	exit(1);
X+    };
X+    (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X+
X+    if ((fd = mkstemp(tmpfilename)) == -1) {
X+	perror("configfile_read: mkstemp()");
X+	exit(1);
X+    }
X+
X+    if ((fpout = fdopen(fd, "w+")) == NULL) {
X+	sprintf(s, "tripwire: Couldn't open tem config file '%s'", tmpfilename);
X 	perror(s);
X 	exit(1);
X     }
END-of-./patches/patch-ba
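Review bot: in the last hunk of patch-ba the error string in `sprintf(s, "tripwire: Couldn't open tem config file '%s'", tmpfilename);` reads "tem"; make it "temp". The reordering itself looks right: mkstemp() now runs after `err = umask(077)`, so the file is created 0600, and the old path-based fopen() that reopened a name chosen by mktemp() is gone. fdopen() failure exits, so the leaked fd is harmless, but consider unlinking the temp file once it is open, as utils.c does, unless the name has to survive for a later reopen.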
echo x - ./patches/patch-bb
sed 's/^X//' >./patches/patch-bb << 'END-of-./patches/patch-bb'
X--- src/dbase.build.c.orig	Sun Mar 12 18:51:12 2000
X+++ src/dbase.build.c	Sun Mar 12 19:22:29 2000
X@@ -66,7 +66,7 @@
X int files_scanned_num = 0;
X 
X /* prototypes */
X-char *mktemp();
X+int mkstemp();
X static void database_record_write();
X 
X char backupfile[MAXPATHLEN+256];
X@@ -123,27 +123,6 @@
X 
X     oldumask = umask(077);
X 
X-    /* where do we write the new database? */
X-    if (mode == DBASE_TEMPORARY) {
X-	char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
X-	if (tmpfilename == NULL)
X-	    die_with_err("malloc() failed in database_build", (char *) NULL);
X-	(void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X-
X-	if ((char *) mktemp(tmpfilename) == NULL)
X-	    die_with_err("database_build: mktemp()", (char *) NULL);
X-
X-	(void) strcpy(tempdatabase_file, tmpfilename);
X-	(void) strcpy(database, tempdatabase_file);
X-	free(tmpfilename);
X-    }					/* end if temporary database */
X-    else if (mode == DBASE_UPDATE) {
X-	sprintf(database, "./databases/%s", database_file);
X-    }					/* end if update mode */
X-    else {			
X-	sprintf(database, "%s/%s", database_path, database_file);
X-    }					/* end if non-temporary database */
X-
X     /* back up any existing database */
X     if (mode == DBASE_UPDATE) {
X 	FILE *fpin, *fpout;
X@@ -223,9 +202,35 @@
X 	}
X     }
X 
X+    /* where do we write the new database? */
X+    if (mode == DBASE_TEMPORARY) {
X+	int fd;
X+	char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
X+	if (tmpfilename == NULL)
X+	    die_with_err("malloc() failed in database_build", (char *) NULL);
X+	(void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
X+
X+	if ((fd = mkstemp(tmpfilename)) == -1)
X+	    die_with_err("database_build: mkstemp(%s)", tmpfilename);
X+
X+	(void) strcpy(tempdatabase_file, tmpfilename);
X+	(void) strcpy(database, tempdatabase_file);
X+	free(tmpfilename);
X+	if ((fpw = fdopen(fd, "w")) == NULL)
X+	    die_with_err("fdopen() failed.", (char *) NULL);
X+    }					/* end if temporary database */
X+    else {
X+	if (mode == DBASE_UPDATE) {
X+	    sprintf(database, "./databases/%s", database_file);
X+	}				/* end if update mode */
X+	else {			
X+	    sprintf(database, "%s/%s", database_path, database_file);
X+	}				/* end if non-temporary database */
X+	if ((fpw = fopen(database, "w")) == NULL)
X+	    die_with_err("Hint: Maybe the database directory '%s' doesn't exist?  fopen()", database);
X+    }
X+
X     /* rebuild the database */
X-    if ((fpw = fopen(database, "w")) == NULL)
X-	die_with_err("Hint: Maybe the database directory '%s' doesn't exist?  fopen()", database);
X 
X     (void) umask(oldumask);
X 
END-of-./patches/patch-bb
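Review bot: the second hunk of patch-bb removes the block that set `database` for the DBASE_UPDATE and default modes before the "back up any existing database" section, and the third hunk re-adds those sprintf() calls after it. If that backup section opens `database` (its body lies outside the shown context), it now runs in update mode with `database` uninitialized; please check, and if so leave the two sprintf() lines where they were and move only the mkstemp()/fdopen() part. The stranded `/* rebuild the database */` comment left above `umask(oldumask)` should also be dropped or moved next to the fopen() it described.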
echo x - ./patches/patch-bc
sed 's/^X//' >./patches/patch-bc << 'END-of-./patches/patch-bc'
X--- src/preen.c.orig	Sun Mar 12 19:22:54 2000
X+++ src/preen.c	Sun Mar 12 19:23:04 2000
X@@ -37,7 +37,6 @@
X static int numentriesread = 0;		/* running count of @@contents */
X 
X /* prototypes */
X-char *mktemp();
X static void olddbasefile_load();
X 
X char *updatemodes[] = {
END-of-./patches/patch-bc
echo x - ./patches/patch-bd
sed 's/^X//' >./patches/patch-bd << 'END-of-./patches/patch-bd'
X--- src/siggen.c.orig	Sun Mar 12 18:46:47 2000
X+++ src/siggen.c	Sun Mar 12 18:50:54 2000
X@@ -52,7 +52,7 @@
X 
X extern int optind;
X int debuglevel = 0;
X-char *mktemp();
X+int mkstemp();
X 
X int (*pf_signatures [NUM_SIGS]) () = {
X 					SIG0FUNC,
X@@ -165,6 +165,7 @@
X 
X     if (readstdin) {
X 	FILE *fpout;
X+	int fd;
X 	/* generate temporary file name */
X 	if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
X 	    perror("main: malloc()");
X@@ -172,15 +173,15 @@
X 	};
X 	(void) strcpy(tmpfilename, "/tmp/twzXXXXXX");
X 
X-	if ((char *) mktemp(tmpfilename) == NULL) {
X-	    perror("siggen: mktemp()");
X+	if ((fd = mkstemp(tmpfilename)) == -1) {
X+	    perror("siggen: mkstemp()");
X 	    exit(1);
X 	}
X 
X 	/*  output */
X-	if (!(fpout = fopen(tmpfilename, "w"))) {
X+	if (!(fpout = fdopen(fd, "w"))) {
X 	    char err[1024];
X-	    sprintf(err, "main: fopen(%s)", tmpfilename);
X+	    sprintf(err, "main: fdopen(%d)", fd);
X 	    perror(err);
X 	    exit(1);
X 	}
END-of-./patches/patch-bd
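Review bot: the first hunk of patch-bd replaces the hand-written `char *mktemp();` with an equally hand-written `int mkstemp();` (patch-ba and patch-bb do the same). A local declaration without a prototype gives the compiler nothing to check; including the system header that declares mkstemp() (<unistd.h> on FreeBSD) is the safer fix in all three files.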
echo x - ./patches/patch-be
sed 's/^X//' >./patches/patch-be << 'END-of-./patches/patch-be'
X--- src/utils.c.orig	Sun Mar 12 18:43:45 2000
X+++ src/utils.c	Sun Mar 12 18:46:30 2000
X@@ -789,13 +789,8 @@
X     int fd;
X 
X     (void) strcpy(tmp, TEMPFILE_TEMPLATE);
X-    if ((char *) mktemp(tmp) == NULL) {
X-	perror("tempfilename_generate: mktemp()");
X-	exit(1);
X-    }
X-
X-    if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) {
X-	perror("tempfilename_generate: open()");
X+    if ((fd = mkstemp(tmp)) < 0) {
X+	perror("tempfilename_generate: mkstemp()");
X 	exit(1);
X     }
X     /* unlink right away to make sure no one can tamper with our file */
END-of-./patches/patch-be
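Review bot: this hunk of patch-be is the one that actually closes the race: the old `open(tmp, O_RDWR | O_CREAT, 0600)` had no O_EXCL, so a file or symlink already present at the name mktemp() returned would be opened rather than refused, whereas mkstemp() creates with O_EXCL and mode 0600 in one step, and the "unlink right away" that follows stays valid. Unlike the other files no declaration for mkstemp() is added here, so confirm that utils.c includes <unistd.h>, which declares it on FreeBSD.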
echo x - ./patches/patch-bf
sed 's/^X//' >./patches/patch-bf << 'END-of-./patches/patch-bf'
X--- src/Makefile.orig	Sun Mar 12 19:55:48 2000
X+++ src/Makefile	Sun Mar 12 19:59:08 2000
X@@ -103,8 +103,8 @@
X .c.o:
X 	$(CC) $(CFLAGS) -c $<
X 
X-install:	tripwire
X-	$(INSTALL) tripwire $(DESTDIR)
X+install:	tripwire siggen
X+	$(INSTALL) $> $(DESTDIR)
X 
X clean:
X 	-rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c help.c \
END-of-./patches/patch-bf
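Review bot: `$(INSTALL) $> $(DESTDIR)` in patch-bf relies on `$>`, BSD make's shorthand for ${.ALLSRC}; it works with FreeBSD's make but is undefined in GNU make. `$(INSTALL) tripwire siggen $(DESTDIR)` says the same thing without that dependence. Since `install` now depends on siggen, also confirm that siggen is built by the default target, so that `make` followed by `make install` does not end up compiling it during the install step.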
echo x - ./Makefile
sed 's/^X//' >./Makefile << 'END-of-./Makefile'
X# New ports collection makefile for:	tripwire
X# Version required:     1.2
X# Date created:		31 Mar 1997
X# Whom:			Joe Greco <jgreco@ns.sol.net>
X#
X# $FreeBSD: ports/security/tripwire/Makefile,v 1.6 1999/08/31 01:51:56 peter Exp $
X#
X
XDISTNAME=       tripwire-1.2
XPKGNAME=	${DISTNAME}
XCATEGORIES=	security net
XMASTER_SITES=   ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/
XEXTRACT_SUFX=	.tar.Z
X
XMAINTAINER=	jgreco@ns.sol.net
X
XMAN5=		tw.config.5
XMAN8=		siggen.8 tripwire.8
XNO_CDROM=	"cannot be redistributed for more than the cost of duplication"
XRESTRICTED=	"contains crypto class algorithms"
X
Xpost-extract:
X	@ (cd ${WRKDIR}; tar xf T1.2.tar)
X
Xpre-configure:
X	@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
X	@ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
X
Xpost-install:
X	@ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${PREFIX}/etc/tw.config
X	@ ${SHELL} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
X
X.include <bsd.port.mk>
END-of-./Makefile
echo c - ./pkg
mkdir -p ./pkg > /dev/null 2>&1
echo x - ./pkg/PLIST.orig
sed 's/^X//' >./pkg/PLIST.orig << 'END-of-./pkg/PLIST.orig'
Xbin/tripwire
END-of-./pkg/PLIST.orig
echo x - ./pkg/COMMENT
sed 's/^X//' >./pkg/COMMENT << 'END-of-./pkg/COMMENT'
XFile system security and verification program
END-of-./pkg/COMMENT
echo x - ./pkg/DESCR
sed 's/^X//' >./pkg/DESCR << 'END-of-./pkg/DESCR'
XTripwire is a tool that aids system administrators and
Xusers in monitoring a designated set of files for any changes.
XUsed with system files on a regular (e.g., daily) basis, Tripwire
Xcan notify system administrators of corrupted or tampered files,
Xso damage control measures can be taken in a timely manner.
X
XJoe Greco <jgreco@ns.sol.net>
END-of-./pkg/DESCR
echo x - ./pkg/PLIST
sed 's/^X//' >./pkg/PLIST << 'END-of-./pkg/PLIST'
Xetc/tw.config
Xbin/tripwire
Xbin/siggen
END-of-./pkg/PLIST
echo x - ./pkg/INSTALL
sed 's/^X//' >./pkg/INSTALL << 'END-of-./pkg/INSTALL'
X#!/bin/sh
X
XDBDIR=/var/db/tripwire
Xusage="usage: ${0##*/} pkg_name [ PRE-INSTALL | POST-INSTALL ]"
X
X# XXX: Would really like to have ${PREFIX} from pkg_add instead 
X#      of assuming /usr/local.
XPREFIX=/usr/local
X
Xif [ $# != 2 ]; then
X    echo "${usage}" 1>&2
X    exit 1
Xfi
X
Xcase $2 in
X    PRE-INSTALL)
X	# do nothing.
X        ;;
X    POST-INSTALL)
X	echo "Creating initial tripwire database"
X	mkdir -p ${DBDIR} &&
X	    cd ${DBDIR} && 
X	    ${PREFIX}/bin/tripwire -initialize &&
X	    exit 0 ||
X	    exit 1
X        ;;
X    *)
X        echo "${usage}" 1>&2
X        exit 1
X        ;;
Xesac
END-of-./pkg/INSTALL
echo x - ./pkg/DESCR.orig
sed 's/^X//' >./pkg/DESCR.orig << 'END-of-./pkg/DESCR.orig'
XTripwire is a tool that aids system administrators and
Xusers in monitoring a designated set of files for any changes.
XUsed with system files on a regular (e.g., daily) basis, Tripwire
Xcan notify system administrators of corrupted or tampered files,
Xso damage control measures can be taken in a timely manner.
X
XIf "TRIPWIRE_FLOPPY" is set to "YES" in the environment or on the
X"make" command line, this port will write the tripwire database to
Xa floppy disk, which should then be write-protected and used as a
Xreference for future runs.  The diskette should be formatted and
Xpresent in the "A" drive before starting the "make install" step.
X
XJoe Greco <jgreco@ns.sol.net>
END-of-./pkg/DESCR.orig
echo x - ./Makefile.orig
sed 's/^X//' >./Makefile.orig << 'END-of-./Makefile.orig'
X# New ports collection makefile for:	tripwire
X# Version required:     1.2
X# Date created:		31 Mar 1997
X# Whom:			Joe Greco <jgreco@ns.sol.net>
X#
X# $FreeBSD: ports/security/tripwire/Makefile,v 1.6 1999/08/31 01:51:56 peter Exp $
X#
X
XDISTNAME=       tripwire-1.2
XCATEGORIES=	security net
XMASTER_SITES=   ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/
XEXTRACT_SUFX=	.tar.Z
X
XMAINTAINER=	jgreco@ns.sol.net
X
XMAN5=		tw.config.5
XMAN8=		siggen.8 tripwire.8
XNO_CDROM=	"cannot be redistributed for more than the cost of duplication"
XNO_PACKAGE=	"requires local database to be built"
XRESTRICTED=	"contains crypto class algorithms"
X
Xpost-extract:
X	@ (cd ${WRKDIR}; tar xf T1.2.tar)
X
Xpre-configure:
X	@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
X	@ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
X
Xpost-install:
X	@ ${MKDIR} /var/adm/tcheck
X	@ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
X	@ ${ECHO} Creating tripwire database
X	@ (cd /var/adm/tcheck; tripwire -initialize)
X.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
X	@ disklabel -w -B /dev/rfd0c fd1440
X	@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
X	@ mount /dev/fd0c /mnt
X	@ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
X	@ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
X	@ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
X		> /mnt/tw.db_`hostname`.gz
X	@ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
X	@ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
X	@ ${CHMOD} 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
X	@ umount /mnt
X	@ ${ECHO} Do not forget to remove and write-protect the floppy.
X.endif
X
X.include <bsd.port.mk>
END-of-./Makefile.orig
exit


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
