« back to all changes in this revision
Viewing changes to .pc/fix-stack-smash.patch/chkutmp.c
- browse files at revision 22
- compare with another revision
- download diff
- download tarball
- view history from revision 22
- Committer: Package Import Robot
- Author(s): Artur Rona
- Date: 2015-09-06 21:48:14 UTC
- Revision ID: package-import@ubuntu.com-20150906214814-kqfrsecvmn82r1w2
Tags: 0.50-3.2
* Non-maintainer upload.
* debian/patches/fix-stack-smash.patch:
- Fix segfault when running chkrootkit. (Closes: #767403)
* debian/patches/fix-stack-smash.patch:
- Fix segfault when running chkrootkit. (Closes: #767403)
- files added:
- .pc/fix-stack-smash.patch
- files modified:
- .pc/applied-patches
added
removed
.pc/fix-stack-smash.patch/chkutmp.c
1
/*
2
* 2004/09/23 - Jeremy Miller <jmtgzd@gmail.com>
3
*
4
* This utility compares the output from the ps command and tries to find
5
* a matching entry bound to the same tty in the utmp login records. The
6
* idea is to display users that may have wiped themselves from the utmp
7
* log. When analyzing a compromised box, it is assumed you have the
8
* path to a known good 'ps' binary in your PATH.
9
*
10
* LICENSE: This program is free software; you can redistribute it and/or
11
* modify it under the terms of the GNU General Public License as
12
* published by the Free Software Foundation; either version 2 of the
13
* License, or (at your option) any later version.
14
*
15
* This program is distributed in the hope that it will be useful, but
16
* WITHOUT ANY WARRANTY; without even the implied warranty of
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18
* General Public License for more details.
19
*
20
* You should have received a copy of the GNU General Public License along
21
* with this program; if not, write to the Free Software Foundation, Inc.,
22
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23
*
24
* Changelog:
25
* Ighighi X - Improved speed via break command - 2005/03/27
26
* Some overflow fixes by Michael Schwendt - 2009/07/21
27
*
28
*/
29
30
#if !defined(__sun) && !defined(__linux__)
31
int main () { return 0; }
32
#else
33
#include <unistd.h>
34
#include <stdlib.h>
35
#include <stdio.h>
36
#include <string.h>
37
#include <utmp.h>
38
#include <fcntl.h>
39
#if defined(__sun)
40
#include <utmpx.h>
41
#else
42
#include <utmp.h>
43
#endif
44
#include <ctype.h>
45
46
#define MAXREAD 1024
47
#define MAXBUF 4096
48
#define MAXLENGTH 256
49
#define UT_PIDSIZE 12
50
#if defined(__sun)
51
#define UTMP "/var/log/utmpx"
52
#define UT_LINESIZE 12
53
#define UT_NAMESIZE 8
54
#define PS_CMD 0
55
#else
56
#define PS_CMD 1
57
#define UTMP "/var/run/utmp"
58
#endif
59
60
struct ps_line {
61
char ps_tty[UT_LINESIZE+2];
62
char ps_user[UT_NAMESIZE+2];
63
char ps_args[MAXLENGTH+2];
64
int ps_pid;
65
};
66
struct utmp_line {
67
char ut_tty[UT_LINESIZE];
68
int ut_pid;
69
int ut_type;
70
};
71
static char *cmd[] = {
72
"ps -ef -o \"tty,pid,ruser,args\"", /* solaris */
73
"ps axk \"tty,ruser,args\" -o \"tty,pid,ruser,args\"" /* linux */
74
};
75
int fetchps(struct ps_line *);
76
int fetchutmp(struct utmp_line *);
77
78
int fetchps(struct ps_line *psl_p)
79
{
80
FILE *ps_fp;
81
char line[MAXREAD + 1], pid[UT_PIDSIZE];
82
char *s, *d;
83
struct ps_line *curp = &psl_p[0];
84
struct ps_line *endp = &psl_p[MAXBUF-1];
85
int i, x;
86
87
i = 0;
88
if ((ps_fp = (popen(cmd[PS_CMD], "r"))) != NULL) {
89
fgets(line, MAXREAD, ps_fp); /* skip header */
90
while (fgets(line, MAXREAD, ps_fp)) {
91
s = line;
92
if (*s != '\?' && curp <= endp) { /* only interested in lines that
93
* have a tty */
94
d = curp->ps_tty;
95
for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++) /* grab tty */
96
;
97
*d = '\0';
98
while (isspace(*s)) /* skip spaces */
99
s++;
100
d = pid;
101
for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++) /* grab pid */
102
;
103
*d = '\0';
104
curp->ps_pid = atoi(pid);
105
while (isspace(*s)) /* skip spaces */
106
s++;
107
d = curp->ps_user;
108
for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_NAMESIZE; x++) /* grab user */
109
;
110
*d = '\0';
111
d = curp->ps_args;
112
while (isspace(*s)) /* skip spaces */
113
s++;
114
for (x = 0; (*d++ = *s++) && x <= MAXLENGTH; x++) /* cmd + args */
115
;
116
if (d[-2] == '\n')
117
d[-2] = '\0';
118
i++;
119
curp++;
120
}
121
}
122
pclose(ps_fp);
123
} else {
124
fprintf(stderr, "\nfailed running 'ps' !\n");
125
exit(EXIT_FAILURE);
126
}
127
return i;
128
}
129
130
int fetchutmp(struct utmp_line *utl_p)
131
{
132
#if defined(__sun)
133
struct utmpx ut;
134
#else
135
struct utmp ut;
136
#endif
137
struct utmp_line *curp = &utl_p[0];
138
struct utmp_line *endp = &utl_p[MAXBUF-1];
139
int i, f, del_cnt, sz_ut;
140
141
i = del_cnt = 0;
142
if ((f = open(UTMP, O_RDONLY)) > 0) {
143
#if defined(__sun)
144
sz_ut = sizeof(struct utmpx);
145
#else
146
sz_ut = sizeof(struct utmp);
147
#endif
148
149
while (read(f, &ut, sz_ut) > 0 && curp <= endp) {
150
#if !defined(__sun)
151
if (ut.ut_time == 0)
152
del_cnt++; /* ut_time shouldn't be zero */
153
#endif
154
if (strlen(ut.ut_user) > 0) {
155
strncpy(curp->ut_tty, ut.ut_line, UT_LINESIZE);
156
curp->ut_pid = ut.ut_pid;
157
curp->ut_type = ut.ut_type;
158
i++;
159
curp++;
160
}
161
}
162
close(f);
163
if (del_cnt > 0)
164
printf("=> possibly %d deletion(s) detected in %s !\n",
165
del_cnt, UTMP);
166
} else {
167
fprintf(stderr, "\nfailed opening utmp !\n");
168
exit(EXIT_FAILURE);
169
}
170
return i;
171
}
172
173
int main(int argc, char *argv[])
174
{
175
struct ps_line ps_l[MAXBUF]; /* array of data from 'ps' */
176
struct utmp_line ut_l[MAXBUF]; /* array of data from utmp log */
177
int h, i, y, z, mtch_fnd, hdr_prntd;
178
179
y = fetchps(ps_l);
180
z = fetchutmp(ut_l);
181
hdr_prntd = 0;
182
for (h = 0; h < y; h++) { /* loop through 'ps' data */
183
mtch_fnd = 0;
184
for (i = 0; i < z; i++) { /* try and match the tty from 'ps' to one in utmp */
185
if (ut_l[i].ut_type == LOGIN_PROCESS /* ignore getty processes with matching pid from 'ps' */
186
&& ut_l[i].ut_pid == ps_l[h].ps_pid)
187
{
188
mtch_fnd = 1;
189
break;
190
}
191
else if (strncmp(ps_l[h].ps_tty, ut_l[i].ut_tty, /* compare the tty's */
192
strlen(ps_l[h].ps_tty)) == 0)
193
{
194
mtch_fnd = 1;
195
break;
196
}
197
}
198
if (!mtch_fnd) {
199
if (!hdr_prntd) {
200
printf
201
(" The tty of the following user process(es) were not found\n");
202
printf(" in %s !\n", UTMP);
203
printf("! %-9s %7s %-6s %s\n", "RUID", "PID", "TTY",
204
"CMD");
205
hdr_prntd = 1;
206
}
207
printf("! %-9s %7d %-6s %s\n", ps_l[h].ps_user,
208
ps_l[h].ps_pid, ps_l[h].ps_tty, ps_l[h].ps_args);
209
}
210
}
211
exit(EXIT_SUCCESS);
212
}
213
#endif
Loggerhead is a web-based interface for Breezy
Version: 2.0.1