Package: chkrootkit
Version: 0.49-4
Severity: normal
Tags: patch

The check for the LOC rootkit has a flaw that ensures that chkrootkit
exits if a file or directory named xp is created in /tmp. Just creating
an empty xp file in /tmp ensures that chkrootkit exits without
completing its scan.

The problem is in the loc() function in chkrootkit.

Attached are two patches either one of which should fix the problem. The
first fixes the loc() function to use return instead of exit (the reason
that this currently works in most cases is that the script usually
starts a subshell to run loc()). The second patch fixes the problem at
the place where the loc() function is called.

-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chkrootkit depends on:
ii  binutils                      2.20.1-16  The GNU assembler, linker and bina
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  libc6                         2.11.3-2   Embedded GNU C Library: Shared lib
ii  net-tools                     1.60-23    The NET-3 networking toolkit
ii  procps                        1:3.2.8-9  /proc file system utilities

-- 
-- arthur de jong - art...@west.nl - west consulting b.v. --
Author: Arthur de Jong <art...@west.nl>
Description: fix a problem in the loc() function to not exit
--- a/chkrootkit
+++ b/chkrootkit
@@ -1178,7 +1178,7 @@
             .)
             if test -d $dir/$thing; then
                     echo $dir
-                    exit 0
+                    return 0
             fi
             ;;
             *)
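Review bot: the unquoted expansions in `test -d $dir/$thing` and `echo $dir` next to the changed line are subject to word splitting and globbing, so a directory name containing whitespace or glob characters would be tested and printed incorrectly. Since this arm is being touched anyway, consider quoting them as `test -d "$dir/$thing"` and `echo "$dir"`. The switch from `exit 0` to `return 0` itself behaves the same for callers that run the function in a command substitution and no longer ends the whole script for callers that invoke it directly.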
@@ -1187,7 +1187,7 @@
             done
             if test -f $thisthing; then
                     echo $thisthing
-                    exit 0
+                    return 0
             fi
             ;;
             esac
@@ -1197,7 +1197,7 @@
     else
       echo "${ROOTDIR}${dflt}"
     fi
-    exit 1
+    return 1
 }

 getCMD() {
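Review bot: the final `return 1` keeps the not-found status, but nothing in the function records why `return` is required, and the Description line only says "to not exit". A short comment above the closing brace or at the top of the function, stating that it may be called outside a subshell and must therefore never call `exit`, would keep a later edit from reintroducing the early termination.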
Author: Arthur de Jong <art...@west.nl>
Description: handle calls to the loc() function consistently
--- a/chkrootkit
+++ b/chkrootkit
@@ -950,7 +950,7 @@
       if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
    else
      echo "${files}"
-     loc epic epic $pth
+     echo `loc epic epic $pth`
    fi

    ### Romanian rootkit
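Review bot: the added line wraps the call in an unquoted backtick substitution, so the output is word-split and glob-expanded before `echo` prints it, and the function's return status is replaced by that of `echo`. If the call-site approach is preferred, `echo "$(loc epic epic $pth)"` preserves the path as printed. This hunk also protects only this one call site; any other direct call to the function would still end the script, which the return-based patch avoids.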

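The difference between `exit` and `return` that the report describes can be reproduced in isolation. The script below is an added example, not code from chkrootkit or from the patches: `loc_exit`, `loc_return`, `run_scan` and the temporary `xp` file are constructed stand-ins. It shows that a direct call to an `exit`-based lookup ends the scan early while still reporting exit status 0.

```sh
#!/bin/sh
# Constructed stand-ins for a lookup helper: print the path if the file exists.
loc_exit() {                      # behaviour before the first patch
    if test -f "$1"; then echo "$1"; exit 0; fi
    exit 1
}
loc_return() {                    # behaviour after the first patch
    if test -f "$1"; then echo "$1"; return 0; fi
    return 1
}

# run_scan FUNC STYLE FILE
# Runs a miniature "scan" in its own subshell: call the lookup, then carry on.
# Prints "scan completed" only if execution continues past the lookup.
run_scan() {
    (
        case "$2" in
            direct) "$1" "$3" >/dev/null || true ;;   # called like a plain command
            subst)  found=`"$1" "$3"` || true ;;      # called in a command substitution
        esac
        echo "scan completed"
    )
}

demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/xp"                 # constructed trigger file
    for f in loc_exit loc_return; do
        for s in direct subst; do
            out=$(run_scan "$f" "$s" "$tmp/xp"); rc=$?
            printf '%-10s %-6s -> %s (exit status %s)\n' \
                "$f" "$s" "${out:-scan aborted}" "$rc"
        done
    done
    rm -rf "$tmp"
}
demo
```

Only the `loc_exit` / `direct` combination prints "scan aborted", and it does so with exit status 0, so a wrapper that checks only the exit code would not notice the incomplete scan.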