chkrootkit kills random processes
Bug #279752 reported by Alexander Perlis
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
chkrootkit (Ubuntu) | Fix Released | Undecided | Kees Cook | |
Hardy | Fix Released | Undecided | François Marier | |
Bug Description
To test for Enye LKM, chkrootkit 0.47-1.1 blindly sends a signal to PID 12345 without regard as to what might be running at PID 12345, which might be a crucial daemon related to system security or system access. It is common to run chkrootkit on a regular basis as a cron job. Because of the potential to randomly kill an important process, this should be considered a security bug.
This has been fixed in Debian chkrootkit 0.47-2. See Debian bug report #421864, and also Debian bug report #457828.
I suggest Ubuntu make the same fix and get it into the security updates for hardy. Thanks!
Changed in chkrootkit: status: Fix Committed → Fix Released
Thanks for taking the time to report this bug and helping to make Ubuntu better. I have marked it as public, since it is not a private issue. Additionally, this has already been fixed in the development release (which has chkrootkit 0.48-5). Please feel free to report any other bugs you may find.
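The hazard described in this report, as an added shell sketch that is not chkrootkit's code and not the Debian patch: a probe that signals a fixed PID, next to one that first checks whether the PID is occupied. The function names, the throwaway `sleep` process and the use of SIGTERM are constructed for the demo.

```sh
#!/bin/sh
# Added illustration: NOT chkrootkit's code and NOT the Debian patch.

# pid_in_use PID: succeeds when some process currently holds PID.
# "kill -0" delivers no signal; it only asks whether the PID can be signalled.
# It also fails for a live process owned by another user, hence the /proc check.
pid_in_use() {
    kill -0 "$1" 2>/dev/null || [ -e "/proc/$1" ]
}

# blind_probe PID SIG: the pattern the report describes. Whatever process
# happens to own PID receives SIG.
blind_probe() {
    kill -s "$2" "$1" 2>/dev/null
}

# guarded_probe PID SIG: refuse to signal a PID that is occupied.
# Returns 2 when skipped, otherwise the exit status of kill.
# A process could still take the PID between the check and the kill, so the
# guard narrows the window rather than closing it.
guarded_probe() {
    if pid_in_use "$1"; then
        echo "PID $1 is in use; probe skipped" >&2
        return 2
    fi
    kill -s "$2" "$1" 2>/dev/null
}

# demo: a throwaway "sleep" stands in for the unrelated daemon (constructed).
# TERM is used only because its default action terminates the process.
demo() {
    sleep 30 >/dev/null 2>&1 &
    victim=$!
    guarded_probe "$victim" TERM 2>/dev/null || true
    if kill -0 "$victim" 2>/dev/null; then guarded=alive; else guarded=dead; fi
    blind_probe "$victim" TERM || true
    wait "$victim" 2>/dev/null || true   # reap the child so its PID is released
    if kill -0 "$victim" 2>/dev/null; then blind=alive; else blind=dead; fi
    echo "guarded=$guarded blind=$blind"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument `demo` to see the stand-in process survive the guarded probe and die from the blind one.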