alpha perl-cops, part 0

Dan Farmer df at sei.cmu.edu
Fri May 17 14:45:11 AEST 1991


(BTW, The source code for all of this is also available via anon-ftp, at
cert.sei.cmu.edu, in ~ftp/pub/cops/perl.alpha.)

====================================
Miscellaneous notes
====================================

  Hello -- this is what everyone has been waiting for, the alpha (!!!) 
release of perl-cops, or p-cops.  This should be functionally equivalent
to version 1.02 of the normal, or shell/C version of cops, with everything
rewritten in perl, with the exception of the CRC checking stuff (sorry,
no one had the guts (insanity) to do it :-)).  It still calls a couple
of Un*x programs to do some dirty work -- diff, find, and some other
things, but should require nothing other than a working version of perl,
version xyz (I haven't tried it with earlier versions; it uses "require",
tho, which shouldn't stop you if you are determined; I don't think it 
uses anything else special) and a working Un*x (I'll pass this opportunity
to make some snide remarks about what Un*x's actually work, here...)
It is completely under tested, under documented, and probably has its
share of bugs.  I'm pretty sure it works on Tom Christiansen's and my 
machine (actually, it has some problems on my decstation, but works fine
on the sparc next to me), but that's about all I'll vouch for right now.
Send bugs, problems, comments, and flames to me -- df at cert.sei.cmu.edu (If
you hurry, we'll get a beta release out in a short while.  What a deal!)

  As a bonus, there are a couple of new features to this, which may or
may not show up in the normal version.  First, there is a config file
("cops.cf") that should hold all the little stupid variable things.  This
makes it a lot easier to run this sucker on multiple host types; you can
just say "cops -c config.sun4" or whatever, and it sucks up the info for
that machine type.  I'll put a separate section on how to use this little 
gem down below.  Second, now when you check for writable files inside 
things like /etc/rc and crontab and such, you can specify the search to 
be recursive; so if you have a line like this in /etc/rc:

/usr/bin/foo > /dev/console

  It will examine "/usr/bin/foo" for programs inside of it -- and it will
keep going until it has exhausted all possibilities.  So you can get warning
messages like:

Warning!  File /foo/bar (inside /usr/local/X11R4/bin/X inside /usr/local/X11R4
/bin/xdm inside /etc/rc.local) is _World_ writable!

  Fun stuff.  No one can hide, now.  This will probably *not* show up in
the normal cops package, 'cause the string lengths this generates can easily
go beyond what little the shell can comprehend.

  Finally, it includes an even better version of Kuang.  Steve is still
working on yet another bigger and better version.

====================================
End notes --
====================================

  To get all this running, you might find it helpful to read the README
file.  A word to the wise, that's all...

  When a stable version of this is ready, when I get all of my other changes
done to the normal cops, and finally when I get the new changes propagated
back to the perl cops, I'll post the final 1.03 version, which should have
equivalent shell and perl code.  This will be the last time for that, methinks.
I've got some plans for doing some networking stuff, using cops to figure
out what goes on in the mind(s) of the network, and it's a bit too difficult
(actually, it takes too long!) to write everything in C and shell (BTW,
anyone who is into hacking security network stuff and understands a bit of 
kuang-eese can contact me, if you really want to do some further serious 
work.)

  Tremendous thanks go to Tom Christiansen, who almost single-handedly did
the port to perl (well, he probably did 50% of the code, and bashed on the
entire version to make it work right), and the rest of the perl crew (in
no particular order); Steve Romig, Jeff Kellem, Mitch Wright, Matthew
Farwell, Martin Foord, David Lawrence, Vik Lall, Brian Utterback, Terry 
McGonigal, and Chris (ckd at cs.bu.edu).

  Enjoy!
  -- dan
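
The recursive check for writable files described in the post (following the pathnames found inside /etc/rc, crontab and similar files), sketched as an added example. It is not perl-cops code and is written in Python rather than perl; the pathname pattern, the /dev/ skip list, the depth limit and all function names are assumptions.

```python
import os
import re
import stat
import tempfile

# Simplified pattern for absolute pathnames in scripts or binaries (an assumption).
PATH_RE = re.compile(rb"/[A-Za-z0-9_./+-]+")
SKIP_PREFIXES = ("/dev/",)  # hypothetical ignore list for devices

def world_writable(path):
    """True if the 'other' write bit is set on path."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def referenced_paths(path):
    """Absolute pathnames embedded in a file's bytes, sorted and de-duplicated."""
    try:
        with open(path, "rb") as fh:
            return sorted({m.decode() for m in PATH_RE.findall(fh.read())})
    except OSError:
        return []  # unreadable file: nothing to follow

def check(start, max_depth=8):
    """Follow pathnames named inside `start`, recursively; return warning strings."""
    warnings, seen = [], {start}

    def visit(path, chain, depth):
        for ref in referenced_paths(path):
            if ref in seen or ref.startswith(SKIP_PREFIXES) or not os.path.exists(ref):
                continue
            seen.add(ref)  # report each file once; also stops reference cycles
            if world_writable(ref):
                where = " inside ".join(chain)  # innermost container first
                warnings.append(f"Warning!  File {ref} (inside {where}) is _World_ writable!")
            if depth < max_depth and os.path.isfile(ref):
                visit(ref, [ref] + chain, depth + 1)

    visit(start, [start], 1)
    return warnings

def demo():
    """Constructed sample tree: rc.local names xdm, xdm names X, X names a mode-666 file."""
    d = tempfile.mkdtemp()
    rc, xdm, x, bar = (os.path.join(d, n) for n in ("rc.local", "xdm", "X", "bar"))
    files = ((bar, "", 0o666), (x, bar, 0o755), (xdm, x, 0o755),
             (rc, f"{xdm} > /dev/console\n", 0o644))
    for path, body, mode in files:
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return check(rc), (bar, x, xdm, rc)

if __name__ == "__main__":
    print("\n".join(demo()[0]))
```
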


