> (However, it seems to me that not every cmd in cmdlist is always
> invoked as ${cmd} - something to investigate)I started a patch to replace all uses of cmd with $cmd, however, i found that it actually broke the test of .php files (!). Probably i messed up, but it seems it needs more thought than a simple search+replace (probably a single quote/expansion issue). So i didnt push that anywhere yet. will revisit at some point. What i didn't do is check that all the debian patches were not introducing plan "cmd" instead of "$cmd", i suspect some of them are. More generally, the concept of '-p' is a bit inconsistent. - echo is included in cmdlist but the code is strewn with plan "echo" rather than "$echo". - the code that sets the $cmd variables relies on several utilities that you wouldnt trust if you were using "-p", i wonder if it really works to replace all the commands in cmdlist More more generally, shellcheck spots over 100 issues in chkrootkit, some of which look like potential issues if malware used unusual file names
