Your message dated Tue, 26 Sep 2006 01:32:31 -0500
with message-id <[EMAIL PROTECTED]>
and subject line The rootkit checker is the one that is buggy
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: flex
Version: 2.5.33-9
Severity: wishlist

Flex should avoid a path that can trigger a false positive from
chkrootkit. The relevant part from that:

   ### Showtee
   if [ "${QUIET}" != "t" ];then printn "Searching for Showtee... "; fi
   if [ -d ${ROOTDIR}usr/lib/.egcs ] || [ -f ${ROOTDIR}usr/lib/libfl.so ] || \
           <<<<<<<<<<<<<<<<<<<<<
      [ -d ${ROOTDIR}usr/lib/.kinetic ] || [ -d ${ROOTDIR}usr/lib/.wormie ] || \
      [ -f ${ROOTDIR}usr/lib/liblog.o ] || [ -f ${ROOTDIR}usr/include/addr.h ] || \
      [ -f ${ROOTDIR}usr/include/cron.h ] || [ -f ${ROOTDIR}usr/include/file.h ] || \
      [ -f ${ROOTDIR}usr/include/proc.h ] || [ -f ${ROOTDIR}usr/include/syslogs.h ] || \
      [ -f ${ROOTDIR}usr/include/chk.h ]; then
         echo "Warning: Possible Showtee Rootkit installed"
      else
      if  [ "${QUIET}" != "t" ]; then echo "nothing found"; fi

While I readily agree that flex should not be installed on a machine
directly connected to the Internet, I don't think it is unreasonably
paranoid (of course...) to run chkrootkit on a desktop machine that
interacts with the Internet as a client a lot.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (100, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-k7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages flex depends on:
ii  debconf [debconf-2.0]        1.5.4       Debian configuration management sy
ii  libc6                        2.3.6.ds1-4 GNU C Library: Shared libraries
ii  m4                           1.4.6-2     a macro processing language

Versions of packages flex recommends:
ii  gcc [c-compiler]             4:4.1.1-7   The GNU C compiler
ii  gcc-2.95 [c-compiler]        1:2.95.4-27 The GNU C compiler
ii  gcc-3.2 [c-compiler]         1:3.2.3-9   The GNU C compiler
ii  gcc-3.3 [c-compiler]         1:3.3.6-13  The GNU C compiler
ii  gcc-3.4 [c-compiler]         3.4.6-4     The GNU C compiler
ii  gcc-4.0 [c-compiler]         4.0.3-3     The GNU C compiler
ii  gcc-4.1 [c-compiler]         4.1.1-13    The GNU C compiler

-- debconf information:
  flex/upgrade/pre_2.5.5: false


--- End Message ---
--- Begin Message ---
Hi,

        The obviously right thing to do here is to fix a naively
 simple rootkit checker. Doing security by file names is seriously
 broken.

        manoj
-- 
QOTD: "I drive my car quietly, for it goes without saying."
Manoj Srivastava     <[EMAIL PROTECTED]>    <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

--- End Message ---
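
An added example, not part of either message and not chkrootkit's code: one way to triage a name-only hit such as /usr/lib/libfl.so is to ask whether dpkg records the path as shipped by a package and whether the file still matches that package's md5sums entry. The function names, verdict strings and the throwaway fixture are assumptions made for illustration; the script reads dpkg's info/*.list and info/*.md5sums files directly.

```shell
#!/bin/sh
# classify_hit ROOTDIR PATH prints one verdict:
#   absent | unowned | unverified:<pkg> | modified:<pkg> | packaged:<pkg>
classify_hit() {
    root=${1%/}; path=$2; info="$root/var/lib/dpkg/info"
    [ -e "$root$path" ] || { echo absent; return 0; }
    # <pkg>.list holds one absolute path per line for each file the package ships.
    list=$(grep -lxF -- "$path" "$info"/*.list 2>/dev/null | head -n 1)
    [ -n "$list" ] || { echo unowned; return 0; }
    pkg=$(basename "$list" .list)
    sums="$info/$pkg.md5sums"
    [ -f "$sums" ] || { echo "unverified:$pkg"; return 0; }
    # <pkg>.md5sums lines look like "<md5>  <path without leading slash>".
    want=$(awk -v p="${path#/}" '$2 == p { print $1 }' "$sums")
    have=$(md5sum "$root$path" | cut -d' ' -f1)
    case $want in
        '')      echo "unverified:$pkg" ;;
        "$have") echo "packaged:$pkg" ;;
        *)       echo "modified:$pkg" ;;
    esac
}

# The paths from the Showtee test quoted in the bug report.
SHOWTEE_PATHS="/usr/lib/.egcs /usr/lib/libfl.so /usr/lib/.kinetic /usr/lib/.wormie
/usr/lib/liblog.o /usr/include/addr.h /usr/include/cron.h /usr/include/file.h
/usr/include/proc.h /usr/include/syslogs.h /usr/include/chk.h"

# scan ROOTDIR prints "<path> <verdict>" for every listed path that exists.
scan() {
    for p in $SHOWTEE_PATHS; do
        v=$(classify_hit "$1" "$p")
        [ "$v" = absent ] || printf '%s %s\n' "$p" "$v"
    done
}

# Constructed fixture: a temporary root with a packaged libfl.so and a stray addr.h.
make_fixture() {
    r=$(mktemp -d)
    mkdir -p "$r/usr/lib" "$r/usr/include" "$r/var/lib/dpkg/info"
    echo 'constructed library bytes' > "$r/usr/lib/libfl.so"
    echo 'constructed header' > "$r/usr/include/addr.h"
    echo /usr/lib/libfl.so > "$r/var/lib/dpkg/info/flex.list"
    ( cd "$r" && md5sum usr/lib/libfl.so ) > "$r/var/lib/dpkg/info/flex.md5sums"
    echo "$r"
}
```

On a host that may be compromised, the dpkg database and md5sum itself can be altered too, so a `packaged` verdict lowers the priority of the alert rather than clearing it; comparing against checksums obtained from trusted media is stronger.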
