Marcos Fouces <[email protected]> writes:

> Hello Richard,
>
> I merged your requests for chkrootkit.
>
> IMHO, the best way to start contributing is exactly what you did!
> (Merge requests)

Thanks, this is good news :).

I started looking at the code and bugs, but got side-tracked: it seems to me that patch 27 (from July 2020) in debian/patches is problematic.

I was not able to understand most of what patch 27 is trying to do, but it seems to me that:

1. Patch 27 is re-introducing an "interesting feature" where chkproc (a C programme run by chkrootkit) sends kill signals to pid 1 and 12345 to see if they might be rootkits (!).

   These are in the upstream code, but in 2008 Debian's patch #5 commented out that code to fix
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457828

   Patch 27 has apparently reversed this fix and the Debian version of chkproc.c (after all Debian's patching) includes the kill signals again. (I think they occur less often than before, so maybe the new bug is less 'critical'.)

2. Patch 27 is also the sole cause of the "OooPS" messages reported in
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982998

   These come from MAX_PROCESSES in chkproc.c being too low. Upstream has set MAX_PROCESSES to > 4 million since 2014, but patch 27 apparently reset it back to 99999.

I think someone more knowledgeable in C than me should look at this patch and see whether it is valid or not.
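
The limit mismatch described in point 2, as an added example that is not part of the original message and is not chkrootkit's code: it compares a fixed process-table limit with the kernel's `pid_max` and counts live PIDs above that limit. The function names and the way the limit is applied are assumptions for illustration; only the value 99999 comes from the message.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>

#define LIMIT_PATCHED 99999L /* value the message attributes to patch 27 */

/* Parse a /proc entry name; return the PID, or -1 if it is not purely numeric. */
long pid_from_name(const char *name)
{
    if (*name == '\0') return -1;
    for (const char *p = name; *p; p++)
        if (!isdigit((unsigned char)*p)) return -1;
    return strtol(name, NULL, 10);
}

/* Read the kernel's PID ceiling from a pid_max file; -1 if unavailable. */
long read_pid_max(const char *path)
{
    long v = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* PIDs are allocated below pid_max, so the largest possible PID is pid_max - 1.
 * Returns 1 if a table indexed 0..limit can hold every possible PID. */
int limit_covers(long pid_max, long limit) { return pid_max - 1 <= limit; }

/* Count PID directories under procdir numbered above limit (-1 on open error). */
long count_over_limit(const char *procdir, long limit)
{
    DIR *d = opendir(procdir);
    struct dirent *e;
    long n = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL)
        if (pid_from_name(e->d_name) > limit) n++;
    closedir(d);
    return n;
}

int main(void)
{
    long pid_max = read_pid_max("/proc/sys/kernel/pid_max");
    printf("pid_max=%ld limit=%ld live_pids_over_limit=%ld\n", pid_max,
           LIMIT_PATCHED, count_over_limit("/proc", LIMIT_PATCHED));
    return limit_covers(pid_max, LIMIT_PATCHED) ? 0 : 1; /* 1: limit too low */
}
```

On 64-bit Linux `pid_max` can be raised as high as 4194304, so a host configured that way can hand out PIDs far above 99999.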
