~
~ I reported this to the author maybe a year and a half ago(?). I
~ was evidently not the first as the author already knew about the problem.
~ I would recommend against using security tools that are not properly
~ maintained. It's probably worth looking at the release date of a package
~ before using it and reconsidering if it hasn't been touched within the
~ last 6 months or year. There are probably other bugs lurking that the
~ author hasn't bothered to fix.
~

Yes. After my post to bugtraq I had one private message from a person, who pointed me to tripwire-1.3 source code, which is released for Academic use by visualcomputing. I checked the source out, the bug which I mentioned (marked with (*)) (among some others) is fixed there (from Changelog):

~
~ 1.3 (release) Fri Jul 17 18:02:53 PDT 1998
~ fixed database entry consistency bug.
~(*) fixed database filename construction routine.
~ made "loosedir" reporting the default. makes superfluous directory
~ changes go away.
~ made reports more succinct, and much more quiet when there's nothing
~ worth reporting.
~ updated manual.
~ added Visual Computing Corporation banner to startup.
~ eliminated RCS banners for any changed files (RCS no longer being
~ the source control system for our source archives).
~ pulled out user manual (.doc and .pdf files) out of Tripwire package.
~ will be distributed separately.
~ removed twdb_check.pl from Tripwire package.
~ updated README, README.FIRST, and COAST.info files.
~ aux directory is now util, to accommodate DOS FAT filename
~ restrictions.

I think Tripwire just went commercial and they do not feel like updating their old stuff anymore. I have mirrored the 1-3 version of tripwire at http://www.underground.org.kg/security/tripwire if anyone is interested (or you could get it from www.visualcomputing.com after filling in some webform).

regards
Fyodor
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:27:59 PDT