Bug#618627: tripwire: Segfaults indexing files owned by LDAP user

[Ben Lipton]

Package: tripwire
Version: 2.4.2-9
Severity: important

Tripwire segfaults every time I run it on my system, whether in initialize or 
check mode. Specifically, it segfaults the first time it encounters a file 
owned by a user whose access to the machine is configured in LDAP, not in 
/etc/passwd. The crash seems to occur in cUnixFSServices::GetOwnerForFile, when 
it calls the getpwuid() function on the LDAP user's uid number.

I have been able to get a segfault from the following program, as well, when 
compiling with the following command line:
g++ -g -static -o test test.cpp

test.cpp:

int main() {
    struct passwd* pp = getpwuid( 3104 );
    printf("%s\n",pp->pw_name);
}

The tripwire package is configured to use the --enable-static option, which 
both generates warnings of the type "Using 'getpwuid' in statically linked 
applications requires at runtime the shared libraries from the glibc version 
used for linking." It seems like this would be ok (it's just a warning, after 
all) but the function actually segfaults. I don't know if this counts as a bug 
in the getpwuid() function, but it definitely prevents me from using tripwire. 
Recompiling the package after removing --enable-static from debian/rules 
produced a .deb that works for me.

-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tripwire depends on:
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  postfix [mail-transport-agent 2.7.1-1    High-performance mail transport ag

tripwire recommends no packages.

tripwire suggests no packages.

-- Configuration Files:
/etc/tripwire/twcfg.txt changed [not included]
/etc/tripwire/twpol.txt changed [not included]

-- debconf information:
* tripwire/rebuild-config: true
  tripwire/email-report:
  tripwire/broken-passphrase:
* tripwire/installed:
  tripwire/site-passphrase-incorrect: false
* tripwire/use-localkey: true
  tripwire/change-in-default-policy:
* tripwire/use-sitekey: true
  tripwire/upgrade: true
* tripwire/rebuild-policy: true
  tripwire/local-passphrase-incorrect: false



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org