Re: ckrootkit - issues with patch number 27 (was Re: Offering to help - chkrootkit and rkhunter)
Hello Richard, I merged your (big) request and credited you in d/copyright. Many thanks for this great contribution! As you say that you are still working on some pending errors, I didn't upload a new package for now. Greetings, Marcos
Re: ckrootkit - issues with patch number 27 (was Re: Offering to help - chkrootkit and rkhunter)
Hi richard I will try to review it this week. You seem to have worked a lot! Greetings. arcos El jue, 28-10-2021 a las 20:51 +0100, RL escribió: > Marcos Fouces > writes: > > > Upstream was agree to do a deeper review of all patches in the > > package > > and include them (or not) in the next release. > > > > This is fantastic, I've been looking through bugs and what started as a > simple "allow the cron job to run under ionice" grew a bit - I decided > i > should add some autopkgtests and that led to spotting quite a few > things, some of which were already in the bug list and some were not > (but could be - i wasnt sure it was worth reporting, but i can do.) > > I've submitted a merge-request that fixes about 8 of the 16 bugs > reported. Unfortunately i needed to add a few more patches (but only to > fix things) > > The tests works for me when i build the package with gbp and sbuild, > however > * the salsa the ci system tries to run the autopkgtests but it hangs > running the chkrootkit binary. If i read the logs right, salsa is using > lxc and > bug #872379 does say chkrootkit hangs inside lxc. > > I will investigate but lxc but I thought i would submit the merge > request before expanding it further! > > Let me know what you think. > > Richard > > > Greetings, > > Marcos > > > > > > El dom, 03-10-2021 a las 01:18 +0100, RL escribió: > > > Marcos Fouces writes: > > > > > > > Hello Richard, > > > > > > > > i merged your requests for chkrootkit. > > > > > > > > IMHO, the best way to start contributing is exactly what you did! > > > > (Merge requests) > > > > > > Thanks, this is good news :). > > > > > > I started looking at the code and bugs, but got side-tracked: It > > > seems > > > to me that patch 27 (from july 2020) in debian/patches is > > > problematic. I > > > was not able to understand most of what patch 27 is trying to do, > > > but > > > it > > > seems to me that: > > > > > > 1. Patch 27 is re-introducing an "interesting feature" where > > > chkproc > > > (a C programme run by chkrootkit) sends kill signals to pid 1 > > > and 12345 see if they might be rootkits (!). These are in the > > > upsteam code, but in 2008 debian's patch #5 commented out that > > > code > > > to > > > fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457828 > > > > > > Patch 27 has apparently reversed this fix and the debian version > > > of > > > chkproc.c (after all debian's patching) includes the kill signals > > > again. (i think they occur less often than before, so maybe the > > > new > > > bug is less 'critical') > > > > > > 2. Patch 27 is also the sole cause of the "OooPS" messages reported > > > in > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982998 > > > > > > These come from MAX_PROCESSES in chkproc.c being too low. > > > upstream > > > has > > > set MAX_PROCESSES to > 4 million since 2014, but patch 27 > > > apparently > > > reset it back to 9. > > > > > > I think someone more knowledgable in C than me should look at this > > > patch > > > and see whether it is valid or not. > > > >
Re: ckrootkit - issues with patch number 27 (was Re: Offering to help - chkrootkit and rkhunter)
Marcos Fouces writes: > Upstream was agree to do a deeper review of all patches in the package > and include them (or not) in the next release. > This is fantastic, I've been looking through bugs and what started as a simple "allow the cron job to run under ionice" grew a bit - I decided i should add some autopkgtests and that led to spotting quite a few things, some of which were already in the bug list and some were not (but could be - i wasnt sure it was worth reporting, but i can do.) I've submitted a merge-request that fixes about 8 of the 16 bugs reported. Unfortunately i needed to add a few more patches (but only to fix things) The tests works for me when i build the package with gbp and sbuild, however * the salsa the ci system tries to run the autopkgtests but it hangs running the chkrootkit binary. If i read the logs right, salsa is using lxc and bug #872379 does say chkrootkit hangs inside lxc. I will investigate but lxc but I thought i would submit the merge request before expanding it further! Let me know what you think. Richard > Greetings, > Marcos > > > El dom, 03-10-2021 a las 01:18 +0100, RL escribió: >> Marcos Fouces writes: >> >> > Hello Richard, >> > >> > i merged your requests for chkrootkit. >> > >> > IMHO, the best way to start contributing is exactly what you did! >> > (Merge requests) >> >> Thanks, this is good news :). >> >> I started looking at the code and bugs, but got side-tracked: It >> seems >> to me that patch 27 (from july 2020) in debian/patches is >> problematic. I >> was not able to understand most of what patch 27 is trying to do, but >> it >> seems to me that: >> >> 1. Patch 27 is re-introducing an "interesting feature" where chkproc >> (a C programme run by chkrootkit) sends kill signals to pid 1 >> and 12345 see if they might be rootkits (!). These are in the >> upsteam code, but in 2008 debian's patch #5 commented out that code >> to >> fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457828 >> >> Patch 27 has apparently reversed this fix and the debian version of >> chkproc.c (after all debian's patching) includes the kill signals >> again. (i think they occur less often than before, so maybe the new >> bug is less 'critical') >> >> 2. Patch 27 is also the sole cause of the "OooPS" messages reported >> in >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982998 >> >> These come from MAX_PROCESSES in chkproc.c being too low. upstream >> has >> set MAX_PROCESSES to > 4 million since 2014, but patch 27 >> apparently >> reset it back to 9. >> >> I think someone more knowledgable in C than me should look at this >> patch >> and see whether it is valid or not. >>
Re: ckrootkit - issues with patch number 27 (was Re: Offering to help - chkrootkit and rkhunter)
Hello Richard, the patch you mention was modified by the same author that send patches [28...51] to me. I also believed that a better review was needed so i forwarded all of them to original author. Upstream was agree to do a deeper review of all patches in the package and include them (or not) in the next release. Greetings, Marcos El dom, 03-10-2021 a las 01:18 +0100, RL escribió: > Marcos Fouces writes: > > > Hello Richard, > > > > i merged your requests for chkrootkit. > > > > IMHO, the best way to start contributing is exactly what you did! > > (Merge requests) > > Thanks, this is good news :). > > I started looking at the code and bugs, but got side-tracked: It > seems > to me that patch 27 (from july 2020) in debian/patches is > problematic. I > was not able to understand most of what patch 27 is trying to do, but > it > seems to me that: > > 1. Patch 27 is re-introducing an "interesting feature" where chkproc > (a C programme run by chkrootkit) sends kill signals to pid 1 > and 12345 see if they might be rootkits (!). These are in the > upsteam code, but in 2008 debian's patch #5 commented out that code > to > fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457828 > > Patch 27 has apparently reversed this fix and the debian version of > chkproc.c (after all debian's patching) includes the kill signals > again. (i think they occur less often than before, so maybe the new > bug is less 'critical') > > 2. Patch 27 is also the sole cause of the "OooPS" messages reported > in > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982998 > > These come from MAX_PROCESSES in chkproc.c being too low. upstream > has > set MAX_PROCESSES to > 4 million since 2014, but patch 27 > apparently > reset it back to 9. > > I think someone more knowledgable in C than me should look at this > patch > and see whether it is valid or not. >