Package: chkrootkit
Version: 0.55-4
Severity: normal
Tags: upstream

Hello,

chkrootkit reports this:

Searching for Linux.Xor.DDoS ...                            INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/lynx-2.9.0dev.10/configure
/tmp/lynx-2.9.0dev.10/.pc/30_build_path_in_binary.diff/scripts/cfg_defs.sh
/tmp/lynx-2.9.0dev.10/.pc/21_do_not_strip_-g.diff/configure
/tmp/lynx-2.9.0dev.10/debian/rules
/tmp/lynx-2.9.0dev.10/install-sh
/tmp/lynx-2.9.0dev.10/config.sub
/tmp/lynx-2.9.0dev.10/scripts/cfg_defs.sh
[...]

The source code of chkrootkit says:

files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"

Well, yes, I do have executable files in /tmp: whenever I use "apt
source" there, there is at least debian/rules, and ./configure, etc.

This looks like an overzealous check, and copying the result to
/var/log/chkrootkit/log.expected won't fly of course.

Samuel

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'proposed-updates-debug'), (500, 'proposed-updates'), (500, 
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 
'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), 
(500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chkrootkit depends on:
ii  libc6  2.33-2

Versions of packages chkrootkit recommends:
ii  binutils   2.37-10.1
ii  iproute2   5.16.0-1
ii  net-tools  1.60+git20181103.0eebece-1
ii  procps     2:3.3.17-6

chkrootkit suggests no packages.

-- no debconf information

-- 
Samuel
In mutt, type cthis
Dans mutt, taper cceci
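
The false positive described in the report, reproduced on a constructed directory; this is an added example, not part of the original report and not chkrootkit's own code. The function names, the sample tree and the ELF-magic narrowing are assumptions made for illustration, not the upstream fix.

```shell
#!/bin/sh
# Broad predicate, as in the quoted chkrootkit line: every executable regular file.
broad_check() {
    find "$1" -executable -type f 2>/dev/null | sort
}

# Hypothetical narrowing (an assumption, not chkrootkit's fix):
# report only executable files whose first four bytes are the ELF magic.
elf_only_check() {
    find "$1" -executable -type f 2>/dev/null | sort | while IFS= read -r f; do
        magic=$(head -c 4 "$f" 2>/dev/null | od -An -tx1 | tr -d ' \n')
        if [ "$magic" = "7f454c46" ]; then printf '%s\n' "$f"; fi
    done
}

# Constructed sample tree: an unpacked source package (scripts only)
# plus a stub file that carries only an ELF header prefix.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/lynx-src/debian"
    printf '#!/bin/sh\necho configure\n' > "$d/lynx-src/configure"
    printf '#!/usr/bin/make -f\n'        > "$d/lynx-src/debian/rules"
    printf 'plain text\n'                > "$d/lynx-src/README"
    printf '\177ELF\002\001\001'         > "$d/stub-elf"
    chmod +x "$d/lynx-src/configure" "$d/lynx-src/debian/rules" "$d/stub-elf"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "broad check flags:";    broad_check "$tree"
echo "ELF-only check flags:"; elf_only_check "$tree"
rm -rf "$tree"
```

The broad predicate lists configure and debian/rules alongside the stub; the narrowed one still reports any ELF file built under /tmp, so it reduces the noise rather than identifying a specific family.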
