tags #113121 moreinfo unreproducible
user [EMAIL PROTECTED]
usertags #113121 close-20060331
thanks
On Sat, Sep 22, 2001 at 04:57:50PM +1000, Alexander Zangerl wrote:
> aide's default configuration file does not exclude /proc, which
> is a bad thing in itself IMHO.
This has been fixed with aide 0.7-11 in late 2001.
> anyways, when one does ask aide to init the database, aide starts
> reading proc, and then stumbles as soon as it encounters a link there
> that's just being removed (see strace fragment), because the code
> in question did not take non-atomicity into account.
I cannot reproduce this. Even with a very simple config file:
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
gzip_dbout=yes
Binlib = p+i+n+u+g+s+b+m+c+md5+sha1
/ Binlib
!/proc/kcore
aide processes /proc just fine without segfaulting.
> looking at the source tells me:
> in line 312 of gen_list.c the result code of the readlink is not caught,
> the next malloc(-1+1) 'works fine' (does not reserve any space but
> does not return NULL either, which would have been caught),
> and in line 319 things are going down, finally:
> strncpy(into_the_zero_sized_space,from_somewhere,-1)...
That looks like the code which is now in lines 478ff, and now is:
len=readlink(fil->filename,lnktmp,_POSIX_PATH_MAX+1);
if(len == -1){
error(0,"readlink failed in add_file_to_list(): %d,%s\n"
,errno,strerror(errno));
free(lnktmp);
free(fil->filename);
free(fil);
*addok=RETFAIL;
return listp;
}
lnkbuf=(char*)malloc(len+1);
Looks like the issue has been addressed in aide 0.10.
Can you please verify?
If no answer is received by 2006-03-31, I intend to close this bug.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
