false positive on tcpd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chkrootkit (Debian) |
Fix Released
|
Unknown
|
|||
chkrootkit (Ubuntu) |
Fix Released
|
Low
|
Thomas Ward | ||
Bionic |
Fix Released
|
Low
|
Thomas Ward | ||
Cosmic |
Fix Released
|
Low
|
Thomas Ward | ||
Disco |
Fix Released
|
Low
|
Thomas Ward |
Bug Description
[Impact]
chkrootkit will return false positives for tcpd detections as "infected" when tcpd is not present on a system.
[Test Case]
* Install chkrootkit, run chkrootkit checks.
* Without the patch, chkrootkit should return "INFECTED" in its detections for tcpd.
* With the debdiff, it should say "not present" or "not infected".
[Regression Potential]
* Regression risk is limited. The only change with this patch and debdiff is that we reinitialize the CMD variable in the test to "empty" before utilizing CMD, which clears the bug if "/bin/tar" from the previous test being still used in the script for testing tcpd. No other chkrootkit bits are, based on my testing, affected by this change.
[Other Info]
* Patch was provided by Francois Mariner from Debian
[Original Description]
This has apparently been a thing since at least 16.04
Install a clean version of Ubuntu, install chkrootkit, run a check.
tcpd will report as infected.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: chkrootkit 0.52-1
ProcVersionSign
Uname: Linux 4.15.0-
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: MATE
Date: Mon Dec 17 18:30:29 2018
InstallationDate: Installed on 2018-12-05 (12 days ago)
InstallationMedia: Ubuntu-MATE 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: chkrootkit
UpgradeStatus: No upgrade log present (probably fresh install)
tags: | added: server-next |
tags: | added: bitesize |
tags: | added: cosmic disco |
Changed in chkrootkit (Debian): | |
status: | Unknown → New |
description: | updated |
Changed in chkrootkit (Debian): | |
status: | New → Fix Committed |
Changed in chkrootkit (Debian): | |
status: | Fix Committed → Fix Released |
Thanks for reporting this. Confirmed in disco (upcoming 19.04) too.