On Fri, 14 Feb 2020 23:15:08 +0100 Christian Kastner wrote:

[...]
> On 14.02.20 20:21, Axel Beckert wrote:
[...]
> > IMHO this is a bug in rkhunter, but it could also be solved in
> > keyutils by bumping the SONAME again, i.e. skipping this SONAME
> > version explicitly. But feel free to reassign.
>
> The SONAME wasn't changed. keyutils used versioned symbols, so that file
> above actually generates a symbol keyctl_move@KEYUTILS_1.9 (you can see
> it in libkeyutils1.symbols).

OK, I am about to say something very idiotic here, because I am not
too familiar with versioned symbols in libraries.
Hence, please bear with me...

Is it wrong (or too late) to change that symbol into
keyctl_move@KEYUTILS_1.10 ?
Would that bump the SONAME again and generate libkeyutils.so.1.10 ?

>
> The only way I can see this changing properly is when a new symbol gets
> added. I could maybe hack around this now, but I am not sure that doing
> so would be the right solution, if the problem is rkhunter only matching
> on a filename (not size, content, etc.). Because what would rkhunter do
> when someone starts calling a malware file "grep" or something...

That's an interesting question, I have no idea about that...

>
> I'll have to think about this...

Please let me know as soon as you make up your mind.
I had to downgrade libkeyutils1 and pin it to version 1.6-6, in order
to stop getting an annoying daily alert (via local mail) from rkhunter.
I would love to see this issue solved soon.

Thanks for your time and understanding.
Bye!

--
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE