Bug#403798: this bug/#403798: john: please don't clobber ./restore

2007-01-02 Thread Solar Designer
Disclaimer: I am not a Debian user, I merely wrote JtR.

My understanding is that some supported versions of Debian continue to
use the ancient JtR 1.6, released over 8 years ago.  I recommend that
you start by updating to JtR 1.7+, which includes system-wide
installation support.  IIRC, this was already done in testing.

JtR 1.6 was not meant to be packaged at all, which is why doing so
results in some weirdness.

My recommendation is that you use the latest 1.7.x for testing and
unstable and use the latest 1.7.0.x for stable.

On Mon, Jan 01, 2007 at 08:34:54PM -0500, Justin Pryzby wrote:
> Alex, please feel free to comment.  Ideally, Debian would apply the same
> patch used upstream (but perhaps before you make a new release).

Is the issue that a file that just happens to be called restore but is
unrelated to JtR may be overwritten?  If so, this is resolved by
upgrading to JtR 1.7 with system-wide installation support enabled.

Thank you for the opportunity to comment on this!

Alexander





Bug#403798: this bug/#403798: john: please don't clobber ./restore

2007-01-01 Thread Justin Pryzby
tag 403798 patch
retitle 403798 john: don't clobber the default restore file name
forwarded 403798 solar!openwall!com
thanks

Included is a patch to prevent john from clobbering the default restore
file name on its initial (non-restore) invocation.  I'm not thrilled
about the level of elegance, and the implications of re-overwriting the
flags are not clear to me.  It might turn out to be necessary (or cleanest)
to introduce a new global variable, int was_restored.

Alex, please feel free to comment.  Ideally, Debian would apply the same
patch used upstream (but perhaps before you make a new release).

Happy y2k5,
Justin

References

[0] http://bugs.debian.org/403798

diff -u john-1.6/debian/changelog john-1.6/debian/changelog
--- john-1.6/debian/changelog
+++ john-1.6/debian/changelog
@@ -1,3 +1,25 @@
+john (1.6-33.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Don't clobber unfortunately files with the default restore name
+Closes: #403798
+
+The logic is:
+  If a restore file is specified, and the file exists, then it is used as
+  a restore point
+
+  If a restore file is specified, and it does not exist john exits with an
+  error message.
+  TODO: This should allow specification of a new restore file to be
+  created, but also should detect when a nonextant restore file is
+  specified (warn?)
+
+  If no restore file is specified, john will error during initialization
+  if the default name of the restore file exists.  Otherwise, it will
+  periodically save its state to that filename.
+
+ -- Justin Pryzby [EMAIL PROTECTED]  Mon,  1 Jan 2007 18:27:40 -0500
+
 john (1.6-33) unstable; urgency=medium
 
   * Fixed cronjob so that it doesn't send empty e-mails when no
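Review bot: The changelog bullet "Don't clobber unfortunately files with the default restore name" is ungrammatical and does not say what john does instead; wording such as "Refuse to start a new session when the default restore file already exists" would state the behaviour change. The "The logic is:" block lists three cases without marking which of them is new in 1.6-33.1 and which was already the case, so a reader cannot tell what this upload changed. The TODO about specifying a new restore file describes undecided future behaviour and belongs in the bug report or a TODO file rather than in the changelog entry.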
only in patch2:
unchanged:
--- john-1.6.orig/src/options.c
+++ john-1.6/src/options.c
@@ -125,6 +125,7 @@
 
if (options.flags  FLG_RESTORE_CHK) {
rec_restore_args(1);
+   options.flags|=FLG_RESTORE_CHK;
return;
}
 
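Review bot: The added "options.flags|=FLG_RESTORE_CHK;" sits in a branch that is entered only when FLG_RESTORE_CHK is tested two lines above, so it has an effect only if rec_restore_args(1) replaces options.flags, and nothing at this site says so. Add a comment stating that the restored flags overwrite the command-line ones and that rec_init() relies on this bit to decide whether to add O_EXCL. A dedicated variable, such as the "int was_restored" mentioned in the submission, would avoid making the recovery.c check depend on the order in which the flags are rewritten.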
only in patch2:
unchanged:
--- john-1.6.orig/src/recovery.c
+++ john-1.6/src/recovery.c
@@ -55,12 +55,19 @@
 
 void rec_init(struct db_main *db, void (*save_mode)(FILE *file))
 {
+   int mode=0;
rec_done(1);
 
if (!rec_argc) return;
+   else if (!(options.flags  FLG_RESTORE_CHK)) {
+   // The name of the default restore file shouldn't be
+   // overwritten if -restore isn't specified. 
+   mode|=O_EXCL;
+   }
 
-   if ((rec_fd = open(path_expand(rec_name), O_RDWR | O_CREAT, 0600))  0)
+   if ((rec_fd = open(path_expand(rec_name), O_RDWR|O_CREAT|mode, 0600))  
0)
pexit(open: %s, path_expand(rec_name));
+
rec_lock();
if (!(rec_file = fdopen(rec_fd, w))) pexit(fdopen);
 
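Review bot: When the O_EXCL open in rec_init() fails because the default restore file already exists, the user gets only the generic pexit "open: %s" message with the system error text, with no hint that an earlier session's file is in the way or how to proceed. Check errno for EEXIST after the open and print a message that names the file and the choices (remove it, or resume with -restore). O_CREAT combined with O_EXCL also makes open() fail when the final path component is a symbolic link, which is worth stating in the comment because the default name is predictable and relative to the current directory. Smaller points: the variable "mode" is easy to confuse with the 0600 permission argument, which is what open() calls the mode, so a name like "excl" would read better; the "else" after "if (!rec_argc) return;" is redundant; and the "//" comments should be "/* */" unless the source tree already uses that style.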

