#96 Need better test for Phalanx2

main
closed-accepted
Detection (54)
5
2013-12-03
2013-04-24
Rich
No

For at least versions 2.5e and 2.5f, you don't get incorrect link count in /etc, just in /usr/share.

The attached patch checks there as well, and detects these when used on a compromised system.

I would also probably make it not a warning, since it's a pretty strong smoking gun in my limited experience, but.

Discussion

  • Rich

    Rich - 2013-04-24

    Updated test.

     
  • John Horne

    John Horne - 2013-12-03

    This has been fixed in CVS.

    The code now uses a loop, looking first n '/etc/' then secondly in '/usr/share'. This avoids duplicating the existing code.

     
  • John Horne

    John Horne - 2013-12-03
    • status: open --> closed-accepted
    • assigned_to: John Horne
    • Group: --> main
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks