Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Verifying file data integrity using L6

From: ngps () POST1 COM (Ng Pheng Siong)
Date: Sat, 19 Dec 1998 01:00:07 +0800

On Dec 17, gilbert () PGCI CA wrote:

[L6] provides a useful, lightweight and flexible interface (written in
perl) to verify file data integrity, and the output and functionality
resembles that of L5 (a similar tool written in C by hobbit () avian org).


        /usr/local/src/toolz:$ vi l6
        /usr/local/src/toolz:$ diff l6.org l6
        1c1
        < #!/bin/perl
        ---
        > #!/usr/local/bin/perl -Tw
        52a53,54
        >
        > $ENV{PATH}='/bin:/usr/bin';

        /usr/local/src/toolz:$ ./l6 l6
        Use of uninitialized value at ./l6 line 78.
        Insecure dependency in chdir while running with -T switch at
        /usr/local/lib/perl5/5.00502/File/Find.pm line 125.

Ok, it's File::Find's problem, not your code. And maybe not exploitable.
(A file which name is binary code?) But since this program will touch
potentially every file on the system as root, one can't be too careful.

Also, try "use strict".


I've toyed with putting a wrapper around l5 to make it work like tripwire,
but that means handling all the integrity database maintenance that tripwire
does. In essence, reinventing tripwire. ;-|


--
Ng Pheng Siong <ngps () post1 com>
Previous By Date Next
Previous By Thread Next

Current thread: