integrit-devel Mailing List for integrit file verification system (Page 8)
Brought to you by:
ecashin
From: Ed L C. <ec...@co...> - 2000-12-13 20:36:50
|
Andreas Schweitzer <an...@ph...> writes:
> On Thu, Dec 07, 2000 at 08:10:26PM -0500, Ed L Cashin wrote:
> > Andreas,
> >
> > With the current version of integrit, have you been able to replicate
> > segfaults in readdir_r when running integrit on the root of your
> > FreeBSD system?
>
> Yes, it still segfaults.
I'm installing FreeBSD at home, so maybe soon I'll be able to
reproduce this.
> However, it compiles out of the box now :-)
That's good. :)
> I did a bit of debugging, but no real results.
> I use the included usr.conf file, i.e. it starts for
> me with /usr/bin.
> It dies on file number 246 (starting to count with 1)
> in /usr/bin, no matter which file this is.
You're sure that it's after the 246'th file it reads in /usr/bin, and
not some directory it reads later? If so, then would you mind sending
the output of "find /usr/bin -ls"?
Are there NFS-mounted files? I know you said there are some
setuid/gid files ...
What about the FreeBSD feature you mentioned earlier -- about some
files that have an atime that is impossible to reset? Do you know
what the name of that feature is?
> I moved the files around, so that the order it reads
> it in changes - same result.
>
> When I copy all the files to a temporary directory
> it works. It checks all 413 copied files from /usr/bin
What command did you use to copy the files? Was the new location on
the same mountpoint?
> Also, I'm not sure if this is user root related or
> not, because when I test it as a regular user it dies
> before because it wants to read non-readable files
> (some SUID files). And I don't want to move those around ...
> So I can't really test.
>
> Does this help you ?
> (gdb) print entry
> $1 = {d_fileno = 8011, d_reclen = 12, d_type = 8 '\b', d_namlen = 2 '\002',
> d_name = "mt\000Ëh\"\000\000\020\000\b\004ncal\000Ø\233Èh\
[snip]
Yes, that shows that mt was the file being statted. See how d_name is
"mt", followed by a null character (\000)? I wonder if mt is
different from the other files.
> (gdb) print result
> $2 = (struct dirent *) 0xbfbfc4f4
>
> I'm not really good in C. Especially when it comes to
> such constructs :-)
Hey, you're better than most if you know what a debugger is!!! ;)
--
--Ed Cashin PGP public key:
ec...@co... http://www.coe.uga.edu/~ecashin/pgp/
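The gdb dump discussed above, as an added example that is not part of the original thread or of integrit: the bytes after the NUL in d_name look like further packed directory records (ncal, cal, netstat, ...), which is why only the text up to the first \000 names the entry being read. The record layout (4-byte d_fileno, 2-byte little-endian d_reclen, 1-byte d_type, 1-byte d_namlen, name padded to 4 bytes) is an assumption read off that dump, and the sample buffer and the name walk_dirents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HDR 8 /* assumed: 4-byte d_fileno, 2-byte d_reclen, d_type, d_namlen */

/* Constructed sample modelled on the gdb dump: mt, ncal, cal, netstat. */
static const unsigned char sample[] = {
    0x4b, 0x1f, 0, 0, 12, 0, 8, 2, 'm', 't', 0, 0,
    0x4c, 0x1f, 0, 0, 16, 0, 8, 4, 'n', 'c', 'a', 'l', 0, 0, 0, 0,
    0x4d, 0x1f, 0, 0, 12, 0, 8, 3, 'c', 'a', 'l', 0,
    0x4e, 0x1f, 0, 0, 16, 0, 8, 7, 'n', 'e', 't', 's', 't', 'a', 't', 0,
};

/* Walk the packed records in buf[0..len) and copy up to max names out.
 * Returns the number of records, or -1 on a malformed record. */
int walk_dirents(const unsigned char *buf, size_t len, char names[][256], int max)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        if (len - off < HDR)
            return -1; /* truncated header */
        size_t reclen = buf[off + 4] | ((size_t)buf[off + 5] << 8);
        size_t namlen = buf[off + 7];
        /* record must fit header + name + NUL, be 4-byte aligned, stay in bounds */
        if (reclen < HDR + namlen + 1 || reclen % 4 || reclen > len - off)
            return -1;
        if (buf[off + HDR + namlen] != 0)
            return -1; /* name is not NUL-terminated where d_namlen says */
        if (n < max) {
            memcpy(names[n], buf + off + HDR, namlen);
            names[n][namlen] = '\0';
        }
        n++;
        off += reclen;
    }
    return n;
}

int main(void)
{
    char names[8][256];
    int n = walk_dirents(sample, sizeof sample, names, 8);

    for (int i = 0; i < n && i < 8; i++)
        printf("%s\n", names[i]);
    return n < 0;
}
```

The bounds checks on d_reclen and d_namlen are what keep a walker like this from running past the buffer when a record is truncated or corrupt.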
|
|
From: Ed L C. <ec...@co...> - 2000-12-13 20:21:05
|
Volker Apelt <va...@or...> writes:
> The attachment contains a patch to integrit-0.01.05-alpha for
> example/viewreport and a new tool cdb/cdbkeys
>
> cdbkeys
> dumps all file names from the database. That way one can test
> coverage of the database through other tools.
> Maybe this should be developed into a ls like tool
> (integrit_ls), which lists the cdb as XML or raw ascii.
cdbkeys is D.J. Bernstein's cdbdump.c with a few parts taken out.
Users can already use cdbdump, since the cdb distribution is included
in the integrit distribution.
I think you're right, though, that a tool to let users look inside an
integrit database might be useful. integrit could put some of its
functions in a library, libintegrit.a. A small standalone program
could use the functions in the library to create readable dumps of
integrit's databases.
> viewreport
> was extended. Element data is now formatted into more readable
> data representations. Converts time, gid and uid.
> (eg. unix-time-in-seconds -> "Mon 11 Dec 2000 12:24:00")
Your extensions are clearly written and greatly enhance the
functionality of the viewreport example. Thank you!
--
--Ed Cashin PGP public key:
ec...@co... http://www.coe.uga.edu/~ecashin/pgp/
|
From: Ed L C. <ec...@co...> - 2000-12-12 16:14:28
|
I'm looking forward to checking out these patches. Thanks very much.
If you get a chance before I do, and you think it will help, please
consider checking out the current version of integrit via anonymous
CVS. That way your patches will be more likely to apply to the
current version. If you don't, that's fine too. :)
Volker Apelt <va...@or...> writes:
> The attachment contains a patch to integrit-0.01.05-alpha for
> example/viewreport and a new tool cdb/cdbkeys
>
> cdbkeys
> dumps all file names from the database. That way one can test
> coverage of the database through other tools.
> Maybe this should be developed into a ls like tool
> (integrit_ls), which lists the cdb as XML or raw ascii.
>
> viewreport
> was extended. Element data is now formatted into more readable
> data representations. Converts time, gid and uid.
> (eg. unix-time-in-seconds -> "Mon 11 Dec 2000 12:24:00")
--
--Ed Cashin PGP public key:
ec...@co... http://www.coe.uga.edu/~ecashin/pgp/
|
From: Andreas S. <an...@ph...> - 2000-12-08 17:03:04
|
On Thu, Dec 07, 2000 at 08:10:26PM -0500, Ed L Cashin wrote:
> Andreas,
>
> With the current version of integrit, have you been able to replicate
> segfaults in readdir_r when running integrit on the root of your
> FreeBSD system?
Yes, it still segfaults.
However, it compiles out of the box now :-)
I did a bit of debugging, but no real results.
I use the included usr.conf file, i.e. it starts for
me with /usr/bin.
It dies on file number 246 (starting to count with 1)
in /usr/bin, no matter which file this is.
I moved the files around, so that the order it reads
it in changes - same result.
When I copy all the files to a temporary directory
it works. It checks all 413 copied files from /usr/bin
Also, I'm not sure if this is user root related or
not, because when I test it as a regular user it dies
before because it wants to read non-readable files
(some SUID files). And I don't want to move those around ...
So I can't really test.
Does this help you ?
(gdb) print entry
$1 = {d_fileno = 8011, d_reclen = 12, d_type = 8 '\b', d_namlen = 2 '\002',
d_name = "mt\000Ëh\"\000\000\020\000\b\004ncal\000Ø\233Èh\"\000\000\f\000\b\003cal\000L\037\000\000\020\000\b\anetstat\000M\037\000\000\020\000\b\006newkey\000ÈN\037\000\000\020\000\b\anfsstat\000O\037\000\000\020\000\b\004nice\000Ø\233ÈP\037\000\000\020\000\b\005nohup\000\233ÈQ\037\000\000\024\000\b\tobjformat\000;ÉQ\037\000\000\024\000\b\taddr2line\000\037ÀQ\037\000\000\f\000\b\002ar\000ÉQ\037\000\000\f\000\b\002as\000ÉQ\037\000\000\020\000\b\ac++filt\000Q\037\000\000\f\000\b\003"...}
(gdb) print result
$2 = (struct dirent *) 0xbfbfc4f4
I'm not really good in C. Especially when it comes to
such constructs :-)
Andreas
--
Department of Physics & Astronomy and Center for Simulational Physics
University of Georgia Phone ++1 (706) 542 5043
Athens, GA 30602-2451 Fax ++1 (706) 542 2492
USA http://dilbert.physast.uga.edu/~andy/
NEW ! WWW page for phoenix :
http://phoenix.physast.uga.edu
|
|
From: Ed L C. <ec...@co...> - 2000-12-08 01:10:31
|
Andreas,
With the current version of integrit, have you been able to replicate
segfaults in readdir_r when running integrit on the root of your
FreeBSD system?
--
--Ed Cashin PGP public key:
ec...@co... http://www.coe.uga.edu/~ecashin/pgp/
|
From: Ed L C. <ec...@co...> - 2000-12-06 18:49:43
|
Andreas Schweitzer <an...@ph...> writes:
...
> Actually, I double checked. getopt is in /usr/local,
> so adjusting the Makefile to use /usr/local/include will work.
> Or, ultimately, via ./configure
That's a user-level thing to do, since it's specific to the user's
system whether files are in /usr/local/include or whatever. I should
add a note to the README file, though, explaining that you can do
this:
CPPFLAGS="-I /usr/local/include" ./configure && make
... and then make sure that it works as advertised.
> > inttypes.h: This is weird. I looked into it, and now I really don't
> > understand why a C implementation would provide inttypes.h without
> > stdint.h. According to the headers themselves, they are both for ISO
> > C9X conformance, so I don't know why FreeBSD would provide one without
> > the other.
>
> Well, FreeBSD does not have stdint.h. I checked their mailing list
> archives and it seems they are working on it. I don't know the
> C standards and even much less the implementation in FreeBSD.
I guess they are just a bit behind in C99 conformance. If they're
working on it, then we'll just leave it as #includ'ing inttypes.h
until they have a stdint.h. I added it to the todo.txt file.
> > The C99 standard says that stdint is for defining fixed-width and
> > at-least-width types, and that's what I need in integrit. I'm now
> > trying to get access to sourceforge's compile farm, where they have a
> > FreeBSD system, and I'll look into it.
>
> I forgot, you need GNU make, which is gmake on FreeBSD.
You mean that the build fails with the FreeBSD make? Depending on GNU
make deserves mention in the docs.
> So, when including the getopt from above,
... which should no longer be an issue, since unistd.h is included
instead
> the prerequisites for FreeBSD are the GNU make and the getopt
> package, plus the boehm-gc package. OpenSSL is more or less standard
> on FreeBSD. The term 'package' means something to FreeBSD users :-)
> it's like rpm.
Yes, I built a FreeBSD web server once, and I liked their make-based
package system.
Do you mean, though, that the boehm-gc package is required for a
regular build? I wanted it to be required only for debugging (compile
with make LEAKFIND=yes). I should make that more clear on the web
page and in the docs.
> Andreas
>
> P.S.: obviously I subscribed to the mailing list :-)
Great!
--
--Ed Cashin PGP public key:
ec...@co... http://www.coe.uga.edu/~ecashin/pgp/
|
From: Andreas S. <an...@ph...> - 2000-12-06 17:10:44
|
On Wed, Dec 06, 2000 at 11:36:52AM -0500, Ed L Cashin wrote:
> Andreas Schweitzer <an...@ph...> writes:
>
> ...
> > I downloaded it and tried to compile it on FreeBSD.
> > I include a small patch to make it compile.
> > The first patch part is probably very FreeBSD specific,
> > the other two may also work in Linux (I didn't try it
> > on Linux). The diff is against an earlier version, but
> > also worked against the latest (15 minutes ago) version
> > on sourceforge.
>
> Regarding ENODATA, I've changed it to EIO, since that works on my
> Linux box, and is pretty much just as expressive as ENODATA for the
> context of a short read in cdb_seq_start.
That's about the best I found in /usr/include/errno.h
> getopt.h: There is some platform where I found I needed to #include
> <getopt.h> to use getopt -- unistd wasn't enough. However, since I
> can't remember, I'm including unistd and not getopt now.
Actually, I double checked. getopt is in /usr/local,
so adjusting the Makefile to use /usr/local/include will work.
Or, ultimately, via ./configure
> inttypes.h: This is weird. I looked into it, and now I really don't
> understand why a C implementation would provide inttypes.h without
> stdint.h. According to the headers themselves, they are both for ISO
> C9X conformance, so I don't know why FreeBSD would provide one without
> the other.
Well, FreeBSD does not have stdint.h. I checked their mailing list
archives and it seems they are working on it. I don't know the
C standards and even much less the implementation in FreeBSD.
> The C99 standard says that stdint is for defining fixed-width and
> at-least-width types, and that's what I need in integrit. I'm now
> trying to get access to sourceforge's compile farm, where they have a
> FreeBSD system, and I'll look into it.
I forgot, you need GNU make, which is gmake on FreeBSD.
So, when including the getopt from above,
the prerequisites for FreeBSD are the GNU make and the getopt
package, plus the boehm-gc package. OpenSSL is more or less standard
on FreeBSD. The term 'package' means something to FreeBSD users :-)
it's like rpm.
Andreas
P.S.: obviously I subscribed to the mailing list :-)
--
Department of Physics & Astronomy and Center for Simulational Physics
University of Georgia Phone ++1 (706) 542 5043
Athens, GA 30602-2451 Fax ++1 (706) 542 2492
USA http://dilbert.physast.uga.edu/~andy/
NEW ! WWW page for phoenix :
http://phoenix.physast.uga.edu
|
From: Ed L C. <ec...@co...> - 2000-12-06 16:36:53
|
Andreas Schweitzer <an...@ph...> writes:
...
> I downloaded it and tried to compile it on FreeBSD.
> I include a small patch to make it compile.
> The first patch part is probably very FreeBSD specific,
> the other two may also work in Linux (I didn't try it
> on Linux). The diff is against an earlier version, but
> also worked against the latest (15 minutes ago) version
> on sourceforge.
Regarding ENODATA, I've changed it to EIO, since that works on my
Linux box, and is pretty much just as expressive as ENODATA for the
context of a short read in cdb_seq_start.
getopt.h: There is some platform where I found I needed to #include
<getopt.h> to use getopt -- unistd wasn't enough. However, since I
can't remember, I'm including unistd and not getopt now.
inttypes.h: This is weird. I looked into it, and now I really don't
understand why a C implementation would provide inttypes.h without
stdint.h. According to the headers themselves, they are both for ISO
C9X conformance, so I don't know why FreeBSD would provide one without
the other.
The C99 standard says that stdint is for defining fixed-width and
at-least-width types, and that's what I need in integrit. I'm now
trying to get access to sourceforge's compile farm, where they have a
FreeBSD system, and I'll look into it.
I haven't checked in my changes yet, but I'll make a new file release
today, and it will be version 0.01.04-alpha.
--
--Ed Cashin PGP public key:
ec...@co... http://www.coe.uga.edu/~ecashin/pgp/