Hello all, during the last weeks I ported tct-1.09 to HP-UX 10.20. You can download the patch from http://www.isd.uni-stuttgart.de/~knut.eckstein/tct-hp.html You will also find there a summary of the tests I ran in order to verify the correct functioning of the port. A big thank you goes to Andreas Thuemmel who wrote two utility programs that are helpful when testing unrm on large files. You can also download them from the URL above. Further thanks go to Brian Carrier and Wietse Venema for answering questions I that occured during the port. During the tests I found two interesting problems. Maybe a HP-UX expert out there can point me to a solution: 1. The pcat program in TCT uses ptrace(READDATA) to copy the TEXT, DATA and STACK segment of a process. It returns with EIO when trying to read the STACK area of the init process (PID==1). Therefore pcat will only return the TEXT and DATA segment of that particular process. I observed similar behaviour with "/bin/sh" and "/usr/dt/bin/dtrc". The inital ptrace(ATTACH) works fine as do the read operations on the TEXT and DATA segments. I know that OpenBSD and Linux flat out refuse a ptrace(ATTACH) to the init process for security reasons, but this seems to be a slightly different issue here. I also looked at the pst_vm_status.pst_flags and the pst_vm_status.pst_permission bits returned for each segment by pstat_getprocvm, but I can't see any differences between these "troublemaking" processes and others. 2. When deleting a file that is still opened by a process, HP-UX does delete the directory entry but does not decrement the refcount to zero in the on-disk inode. Therefore, ils cannot report such a file, as they look like a normal file on disk. Why does this behaviour differ from other Unix implementations? As far as I know, all other platforms that TCT is available for, do not exhibit this behaviour. Further plans: - port tctutils - include support for HP-UX 11.00 - look at acl(5) implementation and how to incorporate that information into TCT As this is a freetime project, I won't say anything about a schedule :-) Have fun (and send feedback/bug reports), Knut ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 12:44:28 PST