cron.daily/aide incorrectly handles certain filenames
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
aide (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
Binary package hint: aide
My "Daily AIDE report" reported the following:
-- snip --
The following software updates were detected and were filtered from this list:
coreutils
-- snip--
yet it did not filter the files in the package list like it was supposed to, for example, it still reported these to changes:
changed: /usr/share/
changed: /usr/bin/[
Which caused /etc/cron.
-- snip --
Anacron job 'cron.daily' on cylon
/etc/cron.
grep: Unmatched [ or [^
grep: Unmatched [ or [^
-- snip --
As you can see, the aide shell script is reading the name of a file that include's a left square bracket and grep is trying to interpret that as a regular expression. I narrowed down the problem to two lines here:
/etc/cron.
and
/etc/cron.
Those two lines should be fixed such that the bash variables escape any regular expressions before passed to grep.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: aide-common 0.13.1-11ubuntu2
ProcVersionSign
Uname: Linux 2.6.32-25-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Mon Oct 11 10:50:37 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
PackageArchitec
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: aide
summary: |
- cron.daily/aide will execute arbitrary regex + cron.daily/aide incorrectly handles certain filenames |
visibility: | private → public |
Changed in aide (Ubuntu): | |
assignee: | Marc Deslauriers (mdeslaur) → nobody |
grep has a -F option to search for a fixed string, which would work for line 328, but I am not sure how you would accomplish the same thing for line 350 which has a valid regular expression and then a filename that should be treated as a fixed string.