On Dec 17, gilbertat_private wrote: > [L6] provides a useful, lightweight and flexible interface (written in > perl) to verify file data integrity, and the output and functionality > resembles that of L5 (a similar tool written in C by hobbitat_private). /usr/local/src/toolz:$ vi l6 /usr/local/src/toolz:$ diff l6.org l6 1c1 < #!/bin/perl --- > #!/usr/local/bin/perl -Tw 52a53,54 > > $ENV{PATH}='/bin:/usr/bin'; /usr/local/src/toolz:$ ./l6 l6 Use of uninitialized value at ./l6 line 78. Insecure dependency in chdir while running with -T switch at /usr/local/lib/perl5/5.00502/File/Find.pm line 125. Ok, it's File::Find's problem, not your code. And maybe not exploitable. (A file which name is binary code?) But since this program will touch potentially every file on the system as root, one can't be too careful. Also, try "use strict". I've toyed with putting a wrapper around l5 to make it work like tripwire, but that means handling all the integrity database maintenance that tripwire does. In essence, reinventing tripwire. ;-| -- Ng Pheng Siong <ngpsat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:14 PDT