Comment 3 for bug 575945

Marc Deslauriers (mdeslaur) wrote: Re: chkrootkit falsely flags files owned by Firefox 3 and Sun Java 6 valid packages

This is a well-known issue, and is mentioned in /usr/share/doc/chkrootkit/README.FALSE-POSITIVES and in the upstream FAQ: http://www.chkrootkit.org/faq/#8

Simply put, chkrootkit should not contain a whitelist of acceptable dotfiles by default, as a rootkit could simply use the files listed in the whitelist as known good hiding places.

That being said, the newer Debian/Ubuntu packages contain a patch that adds a "-e" option that lets administrators add their own whitelist. I think this is a reasonable idea and it should be included in the hardy package so chkrootkit can be used by system admins without constantly getting false positives.
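To show what an administrator-maintained exclude list does (and what it costs), here is an added example that is not part of the comment or of chkrootkit itself: it imitates only the dotfile-listing part of chkrootkit's hidden-file check over a constructed sample tree, and the Firefox and Java paths in it are made up for the example.

```shell
#!/bin/sh
# Added example (not chkrootkit's own code): list hidden files/dirs under a tree,
# minus an admin-verified exclude list, mirroring the idea behind the "-e" option.

# list_suspicious DIR EXCLUDES
#   DIR      - tree to scan (chkrootkit looks in /usr/lib, /lib, and friends)
#   EXCLUDES - space-separated paths relative to DIR that the admin has verified
# Prints, one per line and sorted, every dotfile that is NOT on the exclude list.
list_suspicious() {
    dir=$1
    excludes=$2
    find "$dir" -mindepth 1 -name '.*' | sort | while IFS= read -r f; do
        rel=${f#"$dir"/}
        skip=0
        for e in $excludes; do
            [ "$rel" = "$e" ] && skip=1
        done
        if [ "$skip" -eq 0 ]; then
            echo "$rel"
        fi
    done
}

# make_sample_tree: build a constructed tree with two package-owned dotfiles
# (stand-ins for the Firefox 3 / Sun Java 6 false positives) and one stray
# hidden directory that no package owns. Prints the tree's root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/firefox-3.6" "$root/jvm/java-6-sun/jre/.systemPrefs"
    : > "$root/firefox-3.6/.autoreg"   # constructed: package-owned marker file
    mkdir "$root/.rk"                  # constructed: hidden dir no package owns
    echo "$root"
}
```

Anything placed on the exclude list is never reported again, which is exactly the hiding-place concern raised above: each entry should be a path whose owning package has been verified, not a blanket pattern.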