|
Bugtraq
mailing list archives
Re: Verifying file data integrity using L6
From: ngps () POST1 COM (Ng Pheng Siong)
Date: Sat, 19 Dec 1998 01:00:07 +0800
On Dec 17, gilbert () PGCI CA wrote:
[L6] provides a useful, lightweight and flexible interface (written in
perl) to verify file data integrity, and the output and functionality
resembles that of L5 (a similar tool written in C by hobbit () avian org).
/usr/local/src/toolz:$ vi l6
/usr/local/src/toolz:$ diff l6.org l6
1c1
< #!/bin/perl
---
> #!/usr/local/bin/perl -Tw
52a53,54
>
> $ENV{PATH}='/bin:/usr/bin';
/usr/local/src/toolz:$ ./l6 l6
Use of uninitialized value at ./l6 line 78.
Insecure dependency in chdir while running with -T switch at
/usr/local/lib/perl5/5.00502/File/Find.pm line 125.
Ok, it's File::Find's problem, not your code. And maybe not exploitable.
(A file which name is binary code?) But since this program will touch
potentially every file on the system as root, one can't be too careful.
Also, try "use strict".
I've toyed with putting a wrapper around l5 to make it work like tripwire,
but that means handling all the integrity database maintenance that tripwire
does. In essence, reinventing tripwire. ;-|
--
Ng Pheng Siong <ngps () post1 com>
 By Date 
By Thread
Current thread:
|
Intro
