Package: chkrootkit
Version: 0.49-4
Severity: important
Tags: patch

Hi,

the check for suspect PHP files is broken by design.

1. Any non-text file contents confuse the results of the grep if they match.
2. File contents are printed, not file names.

That can't be what the check is supposed to achieve.

This patch fixes '/usr/bin/find: head terminated by signal 13' errors and prints affected file names instead of their content.

Debian bug #588121 is partly affected by this issue as well.

Please accept the attached patch.

Thanks
Andi

-- System Information:
Debian Release: 6.0.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages chkrootkit depends on:
ii  binutils               2.20.1-16          The GNU assembler, linker and bina
ii  debconf [debconf-2.0]  1.5.36.1           Debian configuration management sy
ii  libc6                  2.11.3-4           Embedded GNU C Library: Shared lib
ii  net-tools              1.60-23            The NET-3 networking toolkit
ii  procps                 1:3.2.8-9squeeze1  /proc file system utilities

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information:
* chkrootkit/run_daily: false
  chkrootkit/run_daily_opts: -q
  chkrootkit/diff_mode: false

Author: Andreas Stempfhuber <a...@afulinux.de> Description: The check for suspect PHP files is broken by design. 1. Any non-text file contents confuse the results of the grep if they match. 2. Not file names are printed, but file contents. That can't be what the check is supposed to achieve. This patch fixes '/usr/bin/find: head terminated by signal 13' errors and prints affected file names instead of their content. --- a/chkrootkit +++ b/chkrootkit @@ -1152,9 +1152,9 @@ printn "Searching for suspect PHP files... "; fi files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`" if [ `echo abc | head -n 1` = "abc" ]; then - fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | $egrep '#!.*php' 2> /dev/null`" + fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`" else - fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | grep '#!.*php' 2> /dev/null`" + fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`" fi if [ "${files}" = "" -a "${fileshead}" = "" ]; then if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
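
Review bot: both added fileshead lines run plain grep and sh from PATH inside the -exec sh -c string, while the removed first-branch line went through $egrep and the rest of the hunk uses ${find}; in a script that inspects a possibly compromised host, the new check should keep going through the script's configured tool variables, for example by passing the grep path into the sh -c script as an extra positional argument. In the same lines, {} {} puts the file name into $0 as well as $1; a fixed word such as sh in the $0 slot is the usual form and keeps shell error messages readable. The echo "$1" prints names taken from tmp and var/tmp, which any local user can choose, and some sh implementations' echo interprets backslash sequences, so printf '%s\n' "$1" would report the name unaltered. Anchoring the pattern as "^#!.*php" and matching with grep -q per file look right for the two problems the description lists.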