[osiris-devel] Re: Hunting down lstat "bug" in scanner
Brian Wotring
brian at hostintegrity.com
Wed Sep 14 02:28:29 EDT 2005
It's possible there is a buffer problem. The scanner makes use of
opendir() and readdir(). However, when the scanner encounters root-only
readable files, the privsep module opens the file, passes down the file
descriptor, and the scanner then makes use of getdirentries() or
getdents(), depending upon which one it has.
The scanner tries to use getdirentries() first, then resorts to
getdents(). Check your config.h and verify that HAVE_GETDIRENTRIES is
defined.
Are these 64 bit systems?
-brian
Douglas K. Fischer wrote:
> Brian Wotring wrote:
>
>
>>No, it doesn't ring a bell. Thank you for the detailed analysis :) In
>>my experience, this sounds like it's likely one of the following:
>>
>>1) bad string manipulation code.
>>2) race condition on temporary files.
>>
>>What version of osiris is this?
>>
>
> 4.1.9
>
>
>>What platforms are you seeing this on?
>>
>>
>
> Linux
>
>
>>How often do you see these errors, on (almost) every scan or is it
>>infrequent?
>>
>>
>
> Every scan.
>
> It also appears to be the same directories, which is why directory entry
> corruption also comes to mind. Otherwise, if it's in the scanner code,
> it would probably involve either the OSI_DIRECTORY struct that's used in
> process_directory() or the file_path array, so it would likely be in one
> of the following:
>
> process_directory()
> osi_open_directory() (not too likely)
> osi_get_next_file()
> osi_readdir()
> osi_strlcopy()
>
> I haven't seen anything obvious, but I would guess either a buffer is
> being reused without being zeroed out or a buffer is being overflowed
> (not likely given the careful checking being done that I've seen). I
> haven't seen anywhere that a race condition could come in.
>
> At least the troubleshooting let's me exercise my paltry C skills :-)
>
> Thanks,
>
> Doug
>
> _______________________________________________
> osiris-devel mailing list
> osiris-devel at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris-devel
More information about the osiris-devel
mailing list