Package: chkrootkit Version: 0.58b-3 Severity: normal I was wondering why my /tmp is never cleared by systemd-tmpfiles, and tried playing around with the settings in /etc/tmpfiles.d, but it didn't help.
I then discovered the source of the problem: chkrootkit updates the access times of all the files in /tmp as it checks them, meaning that they are always viewed as recently accessed and so never cleaned. This is clearly not desirable behaviour; chkrootkit shouldn't be modifying the access times. But obviously, chkrootkit is accessing the files, so the access times will be updated by default. It should therefore record the access time prior to accessing the file and reset it to that time afterwards (presumably using utimes(2) or similar). This apparently will require CAP_FOWNER privileges (as mentioned in systemd-tmpfiles(8)). Best wishes, Julian
