Package: tripwire
Version: 2.4.3.7-4+b2
Severity: important
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Maintainer,
Starting tripwire with either --check or --test (at least) causes
it to segfault almost immediately. I would guess that the most likely
cause of this is the new version of libc6 that arrived in testing this
morning (a similar problem has been noted before: see bug #994910, for
example).
Here's what I get when I run it in check mode:
> root:~# tripwire --check --interactive
> Software interrupt forced exit: Arithmetic Exception
> Software interrupt forced exit: Segmentation Fault
> root:~#
Here's an strace of the last few steps:
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2",
> O_RDONLY|O_CLOEXEC) = 3
> read(3,
> "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\247\1\0\0\0\0\0"..., 832)
> = 832
> newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=206640, ...}, AT_EMPTY_PATH)
> = 0
> mmap(NULL, 209464, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0x7f62929c7000
> mmap(0x7f62929c8000, 151552, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f62929c8000
> mmap(0x7f62929ed000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
> 3, 0x26000) = 0x7f62929ed000
> mmap(0x7f62929f7000, 16384, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2f000) = 0x7f62929f7000
> close(3) = 0
> mprotect(0x7f62929f7000, 8192, PROT_READ) = 0
> mprotect(0x7f62927ee000, 16384, PROT_READ) = 0
> mprotect(0x7f6292ca8000, 4096, PROT_READ) = 0
> prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024,
> rlim_max=RLIM64_INFINITY}) = 0
> --- SIGFPE {si_signo=SIGFPE, si_code=FPE_INTDIV, si_addr=0x7f6292750d85} ---
> write(2, "Software interrupt forced exit: "..., 53Software interrupt forced
> exit: Arithmetic Exception
> ) = 53
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x421} ---
> write(2, "Software interrupt forced exit: "..., 51Software interrupt forced
> exit: Segmentation Fault
> ) = 51
> exit_group(8) = ?
> +++ exited with 8 +++
.....Ron Murray
- --
Ron Murray <r...@rjmx.net>
PGP Fingerprint: 4D99 70E3 2317 334B 141E 7B63 12F7 E865 B5E2 E761
- -- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.19.1.khufu (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages tripwire depends on:
ii debconf [debconf-2.0] 1.5.79
ii sendmail-bin [mail-transport-agent] 8.17.1.9-1
tripwire recommends no packages.
tripwire suggests no packages.
- -- Configuration Files:
/etc/tripwire/twpol.txt changed:
@@section GLOBAL
TWBIN = /usr/sbin;
TWETC = /etc/tripwire;
TWVAR = /var/lib/tripwire;
@@section FS
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_BIN = $(ReadOnly) ; # Binaries that should not change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed
# infrequently but accessed
# often
SEC_LOG = $(Growing) ; # Files that grow, but that
# should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never
# change permission or ownership
SIG_LOW = 33 ; # Non-critical files that are of
# minimal security impact
SIG_MED = 66 ; # Non-critical files that are of
# significant security impact
SIG_HI = 100 ; # Critical files that are
# significant points of
# vulnerability
(
rulename = "Tripwire Binaries",
severity = $(SIG_HI)
)
{
$(TWBIN)/siggen -> $(SEC_BIN) ;
$(TWBIN)/tripwire -> $(SEC_BIN) ;
$(TWBIN)/twadmin -> $(SEC_BIN) ;
$(TWBIN)/twprint -> $(SEC_BIN) ;
}
(
rulename = "Tripwire Data Files",
severity = $(SIG_HI)
)
{
$(TWVAR)/$(HOSTNAME).twd -> $(SEC_CONFIG) -i ;
$(TWETC)/tw.pol -> $(SEC_BIN) -i ;
$(TWETC)/tw.cfg -> $(SEC_BIN) -i ;
$(TWETC)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
$(TWETC)/site.key -> $(SEC_BIN) ;
#don't scan the individual reports
$(TWVAR)/report -> $(SEC_CONFIG) (recurse=0) ;
}
(
rulename = "Critical system boot files",
severity = $(SIG_HI)
)
{
/boot -> $(SEC_CRIT) ;
/lib/modules -> $(SEC_CRIT) ;
}
(
rulename = "Boot Scripts",
severity = $(SIG_HI)
)
{
/etc/init.d -> $(SEC_BIN) ;
/etc/rcS.d -> $(SEC_BIN) ;
/etc/rc0.d -> $(SEC_BIN) ;
/etc/rc1.d -> $(SEC_BIN) ;
/etc/rc2.d -> $(SEC_BIN) ;
/etc/rc3.d -> $(SEC_BIN) ;
/etc/rc4.d -> $(SEC_BIN) ;
/etc/rc5.d -> $(SEC_BIN) ;
/etc/rc6.d -> $(SEC_BIN) ;
/etc/systemd -> $(SEC_BIN) ;
}
(
rulename = "Root file-system executables",
severity = $(SIG_HI)
)
{
/bin -> $(SEC_BIN) ;
/sbin -> $(SEC_BIN) ;
}
(
rulename = "Root file-system libraries",
severity = $(SIG_HI)
)
{
/lib -> $(SEC_BIN) ;
}
(
rulename = "Security Control",
severity = $(SIG_MED)
)
{
/etc/passwd -> $(SEC_CONFIG) ;
/etc/shadow -> $(SEC_CONFIG) ;
}
(
rulename = "Root config files",
severity = 100
)
{
/root -> $(SEC_CRIT) ; # Catch all
additions to /root
/root/.bashrc -> $(SEC_CONFIG) ;
/root/.bash_profile -> $(SEC_CONFIG) ;
/root/.Xdefaults -> $(SEC_CONFIG) ;
/root/.Xauthority -> $(SEC_CONFIG) -i ; # Changes Inode
number on login
/root/.ICEauthority -> $(SEC_CONFIG) ;
}
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
/dev -> $(Device) ;
}
(
rulename = "Things that change all the time",
severity = 0
)
{
/etc/cups/printers.conf -> $(IgnoreAll)
;
/etc/cups/printers.conf.O -> $(IgnoreAll)
;
/etc/cups/subscriptions.conf -> $(IgnoreAll) ;
/etc/cups/subscriptions.conf.O -> $(IgnoreAll) ;
/root/.bash_history ->
$(IgnoreAll) ;
/root/.cache/dconf/user -> $(IgnoreAll)
;
/root/.emacs.d/auto-save-list -> $(IgnoreAll) ;
/root/.gnupg/random_seed -> $(IgnoreAll)
;
/root/.lesshst ->
$(IgnoreAll) ;
/root/.local/share/lftp/transfer_log -> $(IgnoreAll) ;
/root/.mc
-> $(IgnoreAll) ;
/root/.viminfo ->
$(IgnoreAll) ;
/root/.xsession-errors -> $(IgnoreAll)
;
}
(
rulename = "Other configuration files",
severity = $(SIG_MED)
)
{
/etc -> $(SEC_BIN) ;
}
(
rulename = "Other binaries",
severity = $(SIG_MED)
)
{
/usr/local/sbin -> $(SEC_BIN) ;
/usr/local/bin -> $(SEC_BIN) ;
/usr/sbin -> $(SEC_BIN) ;
/usr/bin -> $(SEC_BIN) ;
/opt -> $(SEC_BIN) ;
}
(
rulename = "Other libraries",
severity = $(SIG_MED)
)
{
/usr/local/lib -> $(SEC_BIN) ;
/usr/lib -> $(SEC_BIN) ;
/usr/share/perl5 -> $(SEC_BIN) ;
}
(
rulename = "Invariant Directories",
severity = $(SIG_MED)
)
{
/ -> $(SEC_INVARIANT) (recurse = 0) ;
/home -> $(SEC_INVARIANT) (recurse = 0) ;
/tmp -> $(SEC_INVARIANT) (recurse = 0) ;
/usr -> $(SEC_INVARIANT) (recurse = 0) ;
/var -> $(SEC_INVARIANT) (recurse = 0) ;
/var/tmp -> $(SEC_INVARIANT) (recurse = 0) ;
}
- -- debconf information:
tripwire/upgrade: true
tripwire/local-passphrase-incorrect: false
tripwire/change-in-default-policy:
tripwire/email-report:
* tripwire/installed:
* tripwire/rebuild-policy: true
* tripwire/use-localkey: true
tripwire/site-passphrase-incorrect: false
* tripwire/rebuild-config: true
tripwire/broken-passphrase:
* tripwire/use-sitekey: true
-----BEGIN PGP SIGNATURE-----
iQJCBAEBCgAsFiEETZlw4yMXM0sUHntjEvfoZbXi52EFAmL6ubAOHHJqbXhAcmpt
eC5uZXQACgkQEvfoZbXi52H8ow//cMDpAoJ4Hf33IXbM4taKSjsehtDj9n2pFbiV
k86HrC6Z8bLtfb39ntdIx57EC5coXDA2JRtrrPnEsmHhb6hc6wYtOFzwVKGGbxeI
cMk4ZZ+jZ/WjXRTLvatl5QcXIB46s1EOSVpzS8Fp2ufI5seRlmWza9QQeYi1SJxc
rqWpIUGKjuzmBIwXlACy6jo6rDZ0VJyYSnMCe69LHzqGbBVgrHTg28apto+T/dNp
d/xT9ukjqIKGpXa1hCmoDkKovcKSbA7MXdo6HuKEbo1aQBt9nn99M5vimY+LrEtA
bf+PuqRTnCvpW94MqAnTsCzuDWeoNgvZqGHUes2WZee8dKKN2Hutz3gxUZdHvgrY
b9z4XNsg8Tf1DFFeZeQhqay6XM1R3DISkx9XB1UT+ROPISDiaO9Uzl+jSPiunam2
1hKb502afBAEF+P1cJ4aGSpJxfrZtAtj2YOsKiqhuNoyRgOHNhj42bT4+dd6tDKn
dUWfpMLL0D7h5B53CQC2YmLCfEfFcw68LxyaYy4+ei4RvcP7RW1HfzJuYO5atbz3
HIqbwmBIty8EQNJSCzq0G40X/2voofe/j7waZLBUvOoX8PmUgV46gojqwFmIgWSK
LWS8c9xlTT8wIFLR35AUXCq6KrrYdXX0o9UJmxbKasE/ZwrQAh2IVddB0IodXwmM
5iLMtaw=
=k/pB
-----END PGP SIGNATURE-----
