[SRU] chkrootkit falsely flags files owned by Firefox 3 and Sun Java 6 valid packages
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
chkrootkit (Ubuntu) | Fix Released | Low | Marc Deslauriers | |
Hardy | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: chkrootkit
I'd like to request an SRU for this package.
IMPACT: It produces false positives for common desktop applications. chkrootkit is suggested as one of many security tools to install in our official docs:
https:/
HOW IT'S BEEN ADDRESSED: This is a known issue that has been addressed in the next version that came out. Specifically, an option has been added to ignore false positives (#406493, #426068 according to changelog for version 0.48-5).
Steps to reproduce:
- Make sure Firefox 3 and Sun Java JRE 6 are installed (firefox-3.0 sun-java6-jre)
- Install chkrootkit
- sudo chkrootkit -q
Output:
The following suspicious files and directories were found:
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/lib/modules/
/usr/bin/find: //home/
/usr/bin/find: //home/
eth0: PACKET SNIFFER(
ProblemType: Bug
Architecture: i386
Date: Wed May 5 14:28:57 2010
DistroRelease: Ubuntu 8.04
Package: chkrootkit 0.47-1.1ubuntu0.1
PackageArchitec
ProcEnviron:
PATH=/
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: chkrootkit
Uname: Linux 2.6.24-27-generic i686
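One way to triage a report like the one above, added here as an example (it is not part of the original bug report or of chkrootkit): extract the flagged paths and check which are owned by an installed package via `dpkg -S`. The sample report, its paths and the package names are constructed, and the function names are hypothetical.

```python
import subprocess

HEADER = "The following suspicious files and directories were found:"
# Constructed sample report; the paths and package names are made up.
SAMPLE = """\
The following suspicious files and directories were found:
/usr/lib/example-browser/.autoreg /usr/lib/example-jre/.systemPrefs
/lib/modules/0.0.0-example/.hidden
/usr/bin/find: /home/example/.gvfs: Permission denied
eth0: PACKET SNIFFER(/sbin/example[1234])
"""
SAMPLE_OWNERS = {
    "/usr/lib/example-browser/.autoreg": "example-browser",
    "/usr/lib/example-jre/.systemPrefs": "example-jre",
}

def flagged_paths(report):
    """Return the paths listed under chkrootkit's suspicious-files header."""
    paths, in_block = [], False
    for line in (l.strip() for l in report.splitlines()):
        if line == HEADER:
            in_block = True
        elif in_block and line.startswith("/usr/bin/find:"):
            continue                      # find(1) error, not a finding
        elif in_block and line.startswith("/"):
            paths.extend(line.split())    # assumes no spaces in paths
        elif in_block and line:
            break                         # next check's output begins
    return paths

def dpkg_owner(path):
    """Owning package per `dpkg -S`, or None if unowned or dpkg is absent."""
    try:
        res = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    if res.returncode != 0 or not res.stdout.strip():
        return None
    return res.stdout.splitlines()[0].split(":", 1)[0].strip()

def triage(report, owner_of=dpkg_owner):
    """Split flagged paths into package-owned and unowned (review these first)."""
    owners = {p: owner_of(p) for p in flagged_paths(report)}
    owned = {p: pkg for p, pkg in owners.items() if pkg}
    unowned = [p for p, pkg in owners.items() if not pkg]
    return owned, unowned

if __name__ == "__main__":
    print(triage(SAMPLE, SAMPLE_OWNERS.get))
```

With the default `owner_of`, the lookup shells out to `dpkg -S` on the host being checked. A package owning a path explains why the path exists but does not show the file is unmodified, so owned entries still merit a checksum comparison against the package.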
Changed in chkrootkit (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in chkrootkit (Ubuntu):
status: Confirmed → Incomplete
Changed in chkrootkit (Ubuntu):
status: Incomplete → Confirmed
Confirming; the same can be seen on my system. However, given that these are false positives, and *some* false positives are to be expected when dealing with security testing software, setting priority to Low.
Fabián, if you feel this needs to be re-evaluated, don't hesitate to bring it up :)