kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

- Fix some of the compiler warnings (see patches/patch-warnings)

Browse source 
- Fix the Makefiles to obey the CC and CFLAGS settings
- Fix patches/patch-ab to be PREFIX/LOCALBASE safe
- Fix the post-install to not compress the gunzip and tripwire executables
  that go onto a floppy -- there is no support for the gzip-ed ELF binaries
  at all, and even for the older AOUT ones such support was optional
- Replaces the /kernel with `sysctl -n kern.bootfile` in the tw.conf as the
  tw.conf.freebsd2 is copied into the right place.
- Replace the use of mktemp(3) with tmpfile(3) (see patches/patch-mktemp).
  This also caused a removal of a few buffers (of size MAXPATHLEN+256) and
  quite a few strcpy and sprintf invocations.

PR:		18634
Submitted by:	Mikhail Teterin <mi@aldan.algebra.com>
This commit is contained in:
Steve Price 2000-05-29 02:27:45 +00:00
parent fd7636eb2a
commit 0a9a4b5bd2
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=28852
13 changed files with 715 additions and 87 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
security/tripwire-131/Makefile
View file

@ -20,30 +20,38 @@ NO_PACKAGE= "requires local database to be built"
RESTRICTED= "contains crypto class algorithms"
post-extract:
@ (cd ${WRKDIR}; tar xf T1.2.tar)
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
post-patch:
@${PERL} -pi -e 's|/secureplace/bin|${PREFIX}/bin|g;' \
-e 's|/usr/man|${PREFIX}/man|g;' ${WRKSRC}/Makefile
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
@ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
@ ${SED} s%/kernel%`sysctl -bn kern.bootfile`% \
< ${FILESDIR}/tw.conf.freebsd2 \
> ${WRKSRC}/configs/tw.conf.freebsd2
post-install:
@ ${MKDIR} /var/adm/tcheck
@ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
@ ${ECHO} Creating tripwire database
# Creating tripwire database
@ (cd /var/adm/tcheck; tripwire -initialize)
.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
# preparing the floppy
@ disklabel -w -B /dev/rfd0c fd1440
@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
@ mount /dev/fd0c /mnt
@ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
mount /dev/fd0c /mnt
# transferring things to the floppy
@ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
@ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
> /mnt/tw.db_`hostname`.gz
@ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
@ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
@ ${CP} -p ${FILESDIR}/twcheck /usr/bin/gunzip \
${PREFIX}/bin/tripwire \
/mnt/
@ ${CHMOD} 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
@ umount /mnt
@ ${ECHO} Do not forget to remove and write-protect the floppy.
# Do not forget to remove and write-protect the floppy.
.endif
.include <bsd.port.mk>

61
security/tripwire-131/files/patch-ab
View file

@ -1,28 +1,23 @@
*** Makefile.orig Mon Jul 25 10:59:41 1994
*** Makefile Mon Jul 25 10:59:41 1994
--- Makefile Thu Jan 2 12:04:35 1997
***************
*** 12,21 ****
###
*** 34,36 ****
# you can use ANSI C if you like, but K&R is equally fine.
! CC = cc # common
#CC = gcc # also common
--- 34,36 ----
# you can use ANSI C if you like, but K&R is equally fine.
! #CC = cc # common
#CC = gcc # also common
***************
*** 38,40 ****
# destination directory for final executables
! DESTDIR = /secureplace/bin
! CFLAGS = -O # common
#CFLAGS = -g # common
--- 38,40 ----
# destination for man pages
! MANDIR = /usr/man
# system utilities
LEX = lex
--- 12,21 ----
###
# destination directory for final executables
! DESTDIR = /usr/local/bin
# destination for man pages
! MANDIR = /usr/local/man
# system utilities
LEX = lex
! #CFLAGS = -O # common
#CFLAGS = -g # common
***************
*** 60,66 ****
#CPP = /lib/cpp # on older systems
@ -41,3 +36,27 @@
#LDFLAGS= -non_shared # OSF/1
#LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
# on Solaris 2.3)
--- src/Makefile.orig Mon Jul 25 10:40:54 1994
+++ src/Makefile Sun May 28 15:52:25 2000
@@ -3,7 +3,7 @@
# Tripwire build
#
-CFLAGS = -O
+#CFLAGS = -O
OFILES = config.parse.o main.o list.o ignorevec.o dbase.build.o \
utils.o preen.o preen.interp.o preen.report.o \
@@ -103,8 +103,9 @@
.c.o:
$(CC) $(CFLAGS) -c $<
-install: tripwire
+install: tripwire siggen
$(INSTALL) tripwire $(DESTDIR)
+ $(INSTALL) siggen $(DESTDIR)
clean:
-rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c help.c \

1
security/tripwire-131/pkg-plist
View file

@ -1 +1,2 @@
bin/siggen
bin/tripwire

24
security/tripwire/Makefile
View file

@ -20,30 +20,38 @@ NO_PACKAGE= "requires local database to be built"
RESTRICTED= "contains crypto class algorithms"
post-extract:
@ (cd ${WRKDIR}; tar xf T1.2.tar)
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
post-patch:
@${PERL} -pi -e 's|/secureplace/bin|${PREFIX}/bin|g;' \
-e 's|/usr/man|${PREFIX}/man|g;' ${WRKSRC}/Makefile
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
@ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
@ ${SED} s%/kernel%`sysctl -bn kern.bootfile`% \
< ${FILESDIR}/tw.conf.freebsd2 \
> ${WRKSRC}/configs/tw.conf.freebsd2
post-install:
@ ${MKDIR} /var/adm/tcheck
@ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
@ ${ECHO} Creating tripwire database
# Creating tripwire database
@ (cd /var/adm/tcheck; tripwire -initialize)
.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
# preparing the floppy
@ disklabel -w -B /dev/rfd0c fd1440
@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
@ mount /dev/fd0c /mnt
@ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
mount /dev/fd0c /mnt
# transferring things to the floppy
@ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
@ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
> /mnt/tw.db_`hostname`.gz
@ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
@ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
@ ${CP} -p ${FILESDIR}/twcheck /usr/bin/gunzip \
${PREFIX}/bin/tripwire \
/mnt/
@ ${CHMOD} 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
@ umount /mnt
@ ${ECHO} Do not forget to remove and write-protect the floppy.
# Do not forget to remove and write-protect the floppy.
.endif
.include <bsd.port.mk>

61
security/tripwire/files/patch-ab
View file

@ -1,28 +1,23 @@
*** Makefile.orig Mon Jul 25 10:59:41 1994
*** Makefile Mon Jul 25 10:59:41 1994
--- Makefile Thu Jan 2 12:04:35 1997
***************
*** 12,21 ****
###
*** 34,36 ****
# you can use ANSI C if you like, but K&R is equally fine.
! CC = cc # common
#CC = gcc # also common
--- 34,36 ----
# you can use ANSI C if you like, but K&R is equally fine.
! #CC = cc # common
#CC = gcc # also common
***************
*** 38,40 ****
# destination directory for final executables
! DESTDIR = /secureplace/bin
! CFLAGS = -O # common
#CFLAGS = -g # common
--- 38,40 ----
# destination for man pages
! MANDIR = /usr/man
# system utilities
LEX = lex
--- 12,21 ----
###
# destination directory for final executables
! DESTDIR = /usr/local/bin
# destination for man pages
! MANDIR = /usr/local/man
# system utilities
LEX = lex
! #CFLAGS = -O # common
#CFLAGS = -g # common
***************
*** 60,66 ****
#CPP = /lib/cpp # on older systems
@ -41,3 +36,27 @@
#LDFLAGS= -non_shared # OSF/1
#LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
# on Solaris 2.3)
--- src/Makefile.orig Mon Jul 25 10:40:54 1994
+++ src/Makefile Sun May 28 15:52:25 2000
@@ -3,7 +3,7 @@
# Tripwire build
#
-CFLAGS = -O
+#CFLAGS = -O
OFILES = config.parse.o main.o list.o ignorevec.o dbase.build.o \
utils.o preen.o preen.interp.o preen.report.o \
@@ -103,8 +103,9 @@
.c.o:
$(CC) $(CFLAGS) -c $<
-install: tripwire
+install: tripwire siggen
$(INSTALL) tripwire $(DESTDIR)
+ $(INSTALL) siggen $(DESTDIR)
clean:
-rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c help.c \

239
security/tripwire/files/patch-mktemp Normal file
View file

@ -0,0 +1,239 @@
This patches replace all uses of the (potentially insecure) mktemp(3)
with a much safer tmpfile(3).
--- src/config.parse.c Wed Jul 20 21:03:26 1994
+++ src/config.parse.c Wed May 17 17:30:22 2000
@@ -55,7 +55,6 @@
#endif
/* prototypes */
-char *mktemp();
static void configfile_descend();
#ifndef L_tmpnam
@@ -86,7 +85,6 @@
char ignorestring[1024];
char s[MAXPATHLEN+1024];
char configfile[MAXPATHLEN+512];
- char *tmpfilename;
char number[128];
int entrynum = 0;
int err;
@@ -98,18 +96,6 @@
if (!printpreprocess && !quietmode)
fputs("### Phase 1: Reading configuration file\n", stderr);
- /* generate temporary file name */
- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
- perror("configfile_read: malloc()");
- exit(1);
- };
- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
-
- if ((char *) mktemp(tmpfilename) == NULL) {
- perror("configfile_read: mktemp()");
- exit(1);
- }
-
/* generate configuration file name */
if (specified_configmode != SPECIFIED_FILE)
sprintf(configfile, "%s/%s", config_path, config_file);
@@ -149,25 +135,17 @@
err = umask(077); /* to protect the tempfile */
- if ((fpout = fopen(tmpfilename, "w+")) == NULL) {
- sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
- perror(s);
- exit(1);
- }
- (void) umask(err); /* return it to its former state */
-
- /* The following unlink accomplishes two things:
+ /* The use of tmpfile(3) accomplishes two things:
* 1) if the program terminates, we won't leave a temp
* file sitting around with potentially sensitive names
* in it.
* 2) the file is "hidden" while we run
*/
- if (unlink(tmpfilename) < 0) {
- perror("configfile_read: unlink()");
+ if ((fpout = tmpfile()) == NULL) {
+ perror("tmpfile");
exit(1);
}
- free(tmpfilename);
-
+ (void) umask(err); /* return it to its former state */
/*
* pass 0: preprocess file
--- src/dbase.build.c Mon Jul 25 11:24:09 1994
+++ src/dbase.build.c Wed May 17 18:22:14 2000
@@ -66,7 +66,6 @@
int files_scanned_num = 0;
/* prototypes */
-char *mktemp();
static void database_record_write();
char backupfile[MAXPATHLEN+256];
@@ -125,17 +124,7 @@
/* where do we write the new database? */
if (mode == DBASE_TEMPORARY) {
- char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
- if (tmpfilename == NULL)
- die_with_err("malloc() failed in database_build", (char *) NULL);
- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
-
- if ((char *) mktemp(tmpfilename) == NULL)
- die_with_err("database_build: mktemp()", (char *) NULL);
-
- (void) strcpy(tempdatabase_file, tmpfilename);
- (void) strcpy(database, tempdatabase_file);
- free(tmpfilename);
+ /* do nothing */
} /* end if temporary database */
else if (mode == DBASE_UPDATE) {
sprintf(database, "./databases/%s", database_file);
@@ -224,6 +213,12 @@
}
/* rebuild the database */
+ if (mode == DBASE_TEMPORARY) {
+ fpw = tmpfile();
+ if (fpw == NULL)
+ die_with_err("call tmpfile(3) failed. Check your TMPDIR setting",
+ NULL);
+ } else
if ((fpw = fopen(database, "w")) == NULL)
die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database);
@@ -369,6 +364,6 @@
- /* we don't want to allow anyone to spoof the temporary file in /tmp */
+ /* if the database was temporary, the file was opened by tmpfile(3) --
+ as such, it can not be accessed by anything but this process */
if (mode == DBASE_TEMPORARY) {
- if ((fptempdbase = freopen(database, "r", fpw)) == NULL)
- die_with_err("temporary database file disappeared?!?", database);
+ fptempdbase = fpw;
rewind(fptempdbase);
--- src/main.c Fri Aug 26 04:23:03 1994
+++ src/main.c Wed May 17 18:01:00 2000
@@ -108,7 +108,6 @@
char *database_path = DATABASE_PATH;
char *config_path = CONFIG_PATH;
-char tempdatabase_file[MAXPATHLEN+256];
FILE *fptempdbase;
char *defaultignore = DEFAULTIGNORE;
--- src/preen.c Mon Jul 25 11:24:11 1994
+++ src/preen.c Wed May 17 18:22:22 2000
@@ -37,7 +37,6 @@
static int numentriesread = 0; /* running count of @@contents */
/* prototypes */
-char *mktemp();
static void olddbasefile_load();
char *updatemodes[] = {
@@ -97,9 +96,6 @@
preen_report(interactive, ppp_updateentries);
if (!specified_configmode)
(void) fclose(fp_in);
-
- /* remove the temporary database file */
- (void) unlink(tempdatabase_file);
SPDEBUG(3) printf("*** leaving update_gather()\n");
--- src/siggen.c Mon Jul 25 11:24:12 1994
+++ src/siggen.c Wed May 17 18:36:51 2000
@@ -52,7 +52,6 @@
extern int optind;
int debuglevel = 0;
-char *mktemp();
int (*pf_signatures [NUM_SIGS]) () = {
SIG0FUNC,
@@ -84,7 +83,6 @@
};
int verbosity = 0;
int quietmode = 0;
-char *tmpfilename = NULL;
int readstdin = 0;
@@ -167,19 +167,6 @@
FILE *fpout;
- /* generate temporary file name */
- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
- perror("main: malloc()");
- exit(1);
- };
- (void) strcpy(tmpfilename, "/tmp/twzXXXXXX");
-
- if ((char *) mktemp(tmpfilename) == NULL) {
- perror("siggen: mktemp()");
- exit(1);
- }
/* output */
- if (!(fpout = fopen(tmpfilename, "w"))) {
- char err[1024];
- sprintf(err, "main: fopen(%s)", tmpfilename);
- perror(err);
+ if (!(fpout = tmpfile())) {
+ perror("tmpfile()");
exit(1);
@@ -189,12 +176,6 @@
putc(c, fpout);
- fclose(fpout);
- if ((fd = open(tmpfilename, O_RDONLY)) < 0) {
- perror("siggen: open");
- exit(1);
- }
- if (siggen(fd) < 0)
+ rewind(fpout);
+ if (siggen(fileno(fpout)) < 0)
errors++;
- if (fd)
- close(fd);
+ close(fd);
- unlink(tmpfilename);
--- src/utils.c Mon Jul 25 12:23:16 1994
+++ src/utils.c Wed May 17 18:21:38 2000
@@ -785,23 +785,15 @@
int
fd_tempfilename_generate()
{
- char tmp[MAXPATHLEN+256];
- int fd;
+ FILE *tmp;
- (void) strcpy(tmp, TEMPFILE_TEMPLATE);
- if ((char *) mktemp(tmp) == NULL) {
- perror("tempfilename_generate: mktemp()");
+ tmp = tmpfile();
+ if (tmp == NULL) {
+ perror("tempfilename_generate: tmpfile()");
exit(1);
}
- if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) {
- perror("tempfilename_generate: open()");
- exit(1);
- }
- /* unlink right away to make sure no one can tamper with our file */
- unlink(tmp);
-
- return fd;
+ return fileno(tmp);
}
/*

33
security/tripwire/files/patch-warnings Normal file
View file

@ -0,0 +1,33 @@
This patches remove some of the warnings produced by the compiler.
--- src/siggen.c Mon Jul 25 11:24:12 1994
+++ src/siggen.c Wed May 17 19:15:29 2000
@@ -15,2 +15,3 @@
#include "../include/config.h"
+#include <unistd.h>
#include <stdio.h>
@@ -104,4 +104,6 @@
+
+/* forward declaration, to avoid compiler warnings */
+int siggen(int);
int
main(argc, argv)
--- aux/byteorder.c Fri Jul 15 07:02:36 1994
+++ aux/byteorder.c Wed May 17 19:12:42 2000
@@ -22,3 +22,3 @@
-void
+int
main()
@@ -34,2 +34,3 @@
+#warning "the shift-width warning below can be ignored"
if (sizeof(int32) > 4)
--- aux/types.c Sun Dec 12 23:02:27 1993
+++ aux/types.c Wed May 17 19:23:21 2000
@@ -24,3 +24,3 @@
-void
+int
main(argc, argv)

1
security/tripwire/pkg-plist
View file

@ -1 +1,2 @@
bin/siggen
bin/tripwire

24
security/tripwire12/Makefile
View file

@ -20,30 +20,38 @@ NO_PACKAGE= "requires local database to be built"
RESTRICTED= "contains crypto class algorithms"
post-extract:
@ (cd ${WRKDIR}; tar xf T1.2.tar)
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
post-patch:
@${PERL} -pi -e 's|/secureplace/bin|${PREFIX}/bin|g;' \
-e 's|/usr/man|${PREFIX}/man|g;' ${WRKSRC}/Makefile
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
@ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
@ ${SED} s%/kernel%`sysctl -bn kern.bootfile`% \
< ${FILESDIR}/tw.conf.freebsd2 \
> ${WRKSRC}/configs/tw.conf.freebsd2
post-install:
@ ${MKDIR} /var/adm/tcheck
@ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
@ ${ECHO} Creating tripwire database
# Creating tripwire database
@ (cd /var/adm/tcheck; tripwire -initialize)
.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
# preparing the floppy
@ disklabel -w -B /dev/rfd0c fd1440
@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
@ mount /dev/fd0c /mnt
@ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
mount /dev/fd0c /mnt
# transferring things to the floppy
@ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
@ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
> /mnt/tw.db_`hostname`.gz
@ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
@ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
@ ${CP} -p ${FILESDIR}/twcheck /usr/bin/gunzip \
${PREFIX}/bin/tripwire \
/mnt/
@ ${CHMOD} 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
@ umount /mnt
@ ${ECHO} Do not forget to remove and write-protect the floppy.
# Do not forget to remove and write-protect the floppy.
.endif
.include <bsd.port.mk>

61
security/tripwire12/files/patch-ab
View file

@ -1,28 +1,23 @@
*** Makefile.orig Mon Jul 25 10:59:41 1994
*** Makefile Mon Jul 25 10:59:41 1994
--- Makefile Thu Jan 2 12:04:35 1997
***************
*** 12,21 ****
###
*** 34,36 ****
# you can use ANSI C if you like, but K&R is equally fine.
! CC = cc # common
#CC = gcc # also common
--- 34,36 ----
# you can use ANSI C if you like, but K&R is equally fine.
! #CC = cc # common
#CC = gcc # also common
***************
*** 38,40 ****
# destination directory for final executables
! DESTDIR = /secureplace/bin
! CFLAGS = -O # common
#CFLAGS = -g # common
--- 38,40 ----
# destination for man pages
! MANDIR = /usr/man
# system utilities
LEX = lex
--- 12,21 ----
###
# destination directory for final executables
! DESTDIR = /usr/local/bin
# destination for man pages
! MANDIR = /usr/local/man
# system utilities
LEX = lex
! #CFLAGS = -O # common
#CFLAGS = -g # common
***************
*** 60,66 ****
#CPP = /lib/cpp # on older systems
@ -41,3 +36,27 @@
#LDFLAGS= -non_shared # OSF/1
#LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
# on Solaris 2.3)
--- src/Makefile.orig Mon Jul 25 10:40:54 1994
+++ src/Makefile Sun May 28 15:52:25 2000
@@ -3,7 +3,7 @@
# Tripwire build
#
-CFLAGS = -O
+#CFLAGS = -O
OFILES = config.parse.o main.o list.o ignorevec.o dbase.build.o \
utils.o preen.o preen.interp.o preen.report.o \
@@ -103,8 +103,9 @@
.c.o:
$(CC) $(CFLAGS) -c $<
-install: tripwire
+install: tripwire siggen
$(INSTALL) tripwire $(DESTDIR)
+ $(INSTALL) siggen $(DESTDIR)
clean:
-rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c help.c \

239
security/tripwire12/files/patch-mktemp Normal file
View file

@ -0,0 +1,239 @@
This patches replace all uses of the (potentially insecure) mktemp(3)
with a much safer tmpfile(3).
--- src/config.parse.c Wed Jul 20 21:03:26 1994
+++ src/config.parse.c Wed May 17 17:30:22 2000
@@ -55,7 +55,6 @@
#endif
/* prototypes */
-char *mktemp();
static void configfile_descend();
#ifndef L_tmpnam
@@ -86,7 +85,6 @@
char ignorestring[1024];
char s[MAXPATHLEN+1024];
char configfile[MAXPATHLEN+512];
- char *tmpfilename;
char number[128];
int entrynum = 0;
int err;
@@ -98,18 +96,6 @@
if (!printpreprocess && !quietmode)
fputs("### Phase 1: Reading configuration file\n", stderr);
- /* generate temporary file name */
- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
- perror("configfile_read: malloc()");
- exit(1);
- };
- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
-
- if ((char *) mktemp(tmpfilename) == NULL) {
- perror("configfile_read: mktemp()");
- exit(1);
- }
-
/* generate configuration file name */
if (specified_configmode != SPECIFIED_FILE)
sprintf(configfile, "%s/%s", config_path, config_file);
@@ -149,25 +135,17 @@
err = umask(077); /* to protect the tempfile */
- if ((fpout = fopen(tmpfilename, "w+")) == NULL) {
- sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
- perror(s);
- exit(1);
- }
- (void) umask(err); /* return it to its former state */
-
- /* The following unlink accomplishes two things:
+ /* The use of tmpfile(3) accomplishes two things:
* 1) if the program terminates, we won't leave a temp
* file sitting around with potentially sensitive names
* in it.
* 2) the file is "hidden" while we run
*/
- if (unlink(tmpfilename) < 0) {
- perror("configfile_read: unlink()");
+ if ((fpout = tmpfile()) == NULL) {
+ perror("tmpfile");
exit(1);
}
- free(tmpfilename);
-
+ (void) umask(err); /* return it to its former state */
/*
* pass 0: preprocess file
--- src/dbase.build.c Mon Jul 25 11:24:09 1994
+++ src/dbase.build.c Wed May 17 18:22:14 2000
@@ -66,7 +66,6 @@
int files_scanned_num = 0;
/* prototypes */
-char *mktemp();
static void database_record_write();
char backupfile[MAXPATHLEN+256];
@@ -125,17 +124,7 @@
/* where do we write the new database? */
if (mode == DBASE_TEMPORARY) {
- char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
- if (tmpfilename == NULL)
- die_with_err("malloc() failed in database_build", (char *) NULL);
- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
-
- if ((char *) mktemp(tmpfilename) == NULL)
- die_with_err("database_build: mktemp()", (char *) NULL);
-
- (void) strcpy(tempdatabase_file, tmpfilename);
- (void) strcpy(database, tempdatabase_file);
- free(tmpfilename);
+ /* do nothing */
} /* end if temporary database */
else if (mode == DBASE_UPDATE) {
sprintf(database, "./databases/%s", database_file);
@@ -224,6 +213,12 @@
}
/* rebuild the database */
+ if (mode == DBASE_TEMPORARY) {
+ fpw = tmpfile();
+ if (fpw == NULL)
+ die_with_err("call tmpfile(3) failed. Check your TMPDIR setting",
+ NULL);
+ } else
if ((fpw = fopen(database, "w")) == NULL)
die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database);
@@ -369,6 +364,6 @@
- /* we don't want to allow anyone to spoof the temporary file in /tmp */
+ /* if the database was temporary, the file was opened by tmpfile(3) --
+ as such, it can not be accessed by anything but this process */
if (mode == DBASE_TEMPORARY) {
- if ((fptempdbase = freopen(database, "r", fpw)) == NULL)
- die_with_err("temporary database file disappeared?!?", database);
+ fptempdbase = fpw;
rewind(fptempdbase);
--- src/main.c Fri Aug 26 04:23:03 1994
+++ src/main.c Wed May 17 18:01:00 2000
@@ -108,7 +108,6 @@
char *database_path = DATABASE_PATH;
char *config_path = CONFIG_PATH;
-char tempdatabase_file[MAXPATHLEN+256];
FILE *fptempdbase;
char *defaultignore = DEFAULTIGNORE;
--- src/preen.c Mon Jul 25 11:24:11 1994
+++ src/preen.c Wed May 17 18:22:22 2000
@@ -37,7 +37,6 @@
static int numentriesread = 0; /* running count of @@contents */
/* prototypes */
-char *mktemp();
static void olddbasefile_load();
char *updatemodes[] = {
@@ -97,9 +96,6 @@
preen_report(interactive, ppp_updateentries);
if (!specified_configmode)
(void) fclose(fp_in);
-
- /* remove the temporary database file */
- (void) unlink(tempdatabase_file);
SPDEBUG(3) printf("*** leaving update_gather()\n");
--- src/siggen.c Mon Jul 25 11:24:12 1994
+++ src/siggen.c Wed May 17 18:36:51 2000
@@ -52,7 +52,6 @@
extern int optind;
int debuglevel = 0;
-char *mktemp();
int (*pf_signatures [NUM_SIGS]) () = {
SIG0FUNC,
@@ -84,7 +83,6 @@
};
int verbosity = 0;
int quietmode = 0;
-char *tmpfilename = NULL;
int readstdin = 0;
@@ -167,19 +167,6 @@
FILE *fpout;
- /* generate temporary file name */
- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
- perror("main: malloc()");
- exit(1);
- };
- (void) strcpy(tmpfilename, "/tmp/twzXXXXXX");
-
- if ((char *) mktemp(tmpfilename) == NULL) {
- perror("siggen: mktemp()");
- exit(1);
- }
/* output */
- if (!(fpout = fopen(tmpfilename, "w"))) {
- char err[1024];
- sprintf(err, "main: fopen(%s)", tmpfilename);
- perror(err);
+ if (!(fpout = tmpfile())) {
+ perror("tmpfile()");
exit(1);
@@ -189,12 +176,6 @@
putc(c, fpout);
- fclose(fpout);
- if ((fd = open(tmpfilename, O_RDONLY)) < 0) {
- perror("siggen: open");
- exit(1);
- }
- if (siggen(fd) < 0)
+ rewind(fpout);
+ if (siggen(fileno(fpout)) < 0)
errors++;
- if (fd)
- close(fd);
+ close(fd);
- unlink(tmpfilename);
--- src/utils.c Mon Jul 25 12:23:16 1994
+++ src/utils.c Wed May 17 18:21:38 2000
@@ -785,23 +785,15 @@
int
fd_tempfilename_generate()
{
- char tmp[MAXPATHLEN+256];
- int fd;
+ FILE *tmp;
- (void) strcpy(tmp, TEMPFILE_TEMPLATE);
- if ((char *) mktemp(tmp) == NULL) {
- perror("tempfilename_generate: mktemp()");
+ tmp = tmpfile();
+ if (tmp == NULL) {
+ perror("tempfilename_generate: tmpfile()");
exit(1);
}
- if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) {
- perror("tempfilename_generate: open()");
- exit(1);
- }
- /* unlink right away to make sure no one can tamper with our file */
- unlink(tmp);
-
- return fd;
+ return fileno(tmp);
}
/*

33
security/tripwire12/files/patch-warnings Normal file
View file

@ -0,0 +1,33 @@
This patches remove some of the warnings produced by the compiler.
--- src/siggen.c Mon Jul 25 11:24:12 1994
+++ src/siggen.c Wed May 17 19:15:29 2000
@@ -15,2 +15,3 @@
#include "../include/config.h"
+#include <unistd.h>
#include <stdio.h>
@@ -104,4 +104,6 @@
+
+/* forward declaration, to avoid compiler warnings */
+int siggen(int);
int
main(argc, argv)
--- aux/byteorder.c Fri Jul 15 07:02:36 1994
+++ aux/byteorder.c Wed May 17 19:12:42 2000
@@ -22,3 +22,3 @@
-void
+int
main()
@@ -34,2 +34,3 @@
+#warning "the shift-width warning below can be ignored"
if (sizeof(int32) > 4)
--- aux/types.c Sun Dec 12 23:02:27 1993
+++ aux/types.c Wed May 17 19:23:21 2000
@@ -24,3 +24,3 @@
-void
+int
main(argc, argv)

1
security/tripwire12/pkg-plist
View file

@ -1 +1,2 @@
bin/siggen
bin/tripwire