Hey all, I've submitted a fix for chkrootkit port, to solve the false positives on FreeBSD 5 and higher: http://www.freebsd.org/cgi/query-pr.cgi?pr=55919 The topic, btw, should be "Teach security/chkrootkit about FreeBSD 5", but it's not my first typo today. Maintainer, please approve. Authors, please see if you can include the changes. I also fixed a minor bug in chk_vdir. Everyone else, please test it, as it was only tested on my 5.0 box. Best Regards, Yonatan
> -----Original Message----- > From: Nelson Murilo [mailto:nelson@pangeia.com.br] > Sent: Sunday, August 24, 2003 14:51 > To: Yonatan Bokovza > Cc: freebsd-security@freebsd.org; cordeiro@luinil.nic.br; > jessen@nic.br > Subject: Re: [solution] chkrootkit reports infected files > > > > Hi Yonatan, > > I fixed all bugs in 5.x in 0.42 (next release), I look for > your patch for chk_vdir. > > Thanks a lot for your interest in chkrootkit,The difference is in chk_vdir: - if [ -r ${CMD} ]; then + if [ ! -r ${CMD} ]; then As things stands now, this returns NOT_FOUND if the file is readable, and errors out if the file doesn't exist, or isn't readable.
Hi Yonatan, I fixed all bugs in 5.x in 0.42 (next release), I look for your patch for chk_vdir. Thanks a lot for your interest in chkrootkit, ./nelson -murilo On Sun, Aug 24, 2003 at 01:41:52PM +0300, Yonatan Bokovza wrote:> Hey all, > I've submitted a fix for chkrootkit port, to solve the > false positives on FreeBSD 5 and higher: > http://www.freebsd.org/cgi/query-pr.cgi?pr=55919 > The topic, btw, should be "Teach security/chkrootkit > about FreeBSD 5", but it's not my first typo today. > > Maintainer, please approve. > Authors, please see if you can include the changes. > I also fixed a minor bug in chk_vdir. > Everyone else, please test it, as it was only tested > on my 5.0 box. > > > Best Regards, > Yonatan