[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 Rakesh Pandit rakesh.pan...@gmail.com changed: What|Removed |Added Status|ASSIGNED|CLOSED Resolution||NEXTRELEASE -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 --- Comment #12 from Rakesh Pandit rakesh.pan...@gmail.com 2009-01-07 07:53:13 EDT --- It is GPLv3 only. Got a reply today from author. I will import now. I have requested for inclusion of license in source files also. Thanks. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 --- Comment #13 from Fedora Update System upda...@fedoraproject.org 2009-01-08 00:50:46 EDT --- unhide-1.0-2.fc10.20080519 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/unhide-1.0-2.fc10.20080519 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 --- Comment #14 from Fedora Update System upda...@fedoraproject.org 2009-01-08 00:51:44 EDT --- unhide-1.0-2.fc9.20080519 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/unhide-1.0-2.fc9.20080519 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 --- Comment #11 from Rakesh Pandit rakesh.pan...@gmail.com 2009-01-03 13:31:22 EDT --- No reply regarding license. I have resend the message. Probably maintainer is on holidays. Lets wait for few more days. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 --- Comment #10 from Rakesh Pandit rakesh.pan...@gmail.com 2008-12-14 05:41:52 EDT --- Yes, I have already dropped a mail. Which check before importing or building. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 Kevin Fenzi ke...@tummy.com changed: What|Removed |Added Flag|fedora-cvs? |fedora-cvs+ --- Comment #9 from Kevin Fenzi ke...@tummy.com 2008-12-14 00:25:02 EDT --- Humm... the README.txt contains: // License GPL V.3 (http://www.gnu.org/licenses/gpl-3.0.html) Which sure sounds like the license tag should be GPLv3 here, not GPLv3+ In any case it might be good to clarify that before importing and building? cvs done, but please clarify before importing. (F-8 branches are no longer accepted, so this was left out). -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=469843
manuel wolfshant wo...@nobugconsulting.ro changed:
What|Removed |Added
Status|NEW |ASSIGNED
AssignedTo|nob...@fedoraproject.org|wo...@nobugconsulting.ro
Flag||fedora-review+
--- Comment #7 from manuel wolfshant wo...@nobugconsulting.ro 2008-12-12
16:02:12 EDT ---
Package Review
==
Key:
- = N/A
x = Check
! = Problem
? = Not evaluated
=== REQUIRED ITEMS ===
[x] Package is named according to the Package Naming Guidelines.
[x] Spec file name must match the base package %{name}, in the format
%{name}.spec.
[x] Package meets the Packaging Guidelines.
[x] Package successfully compiles and builds into binary rpms on at least one
supported architecture.
Tested on: devel/x86_64
[x] Rpmlint output:
source rpm: empty
binary rpm:
unhide.x86_64: W: incoherent-version-in-changelog 1.0-1 ['1.0-1.fc11.20080519',
'1.0-1.20080519']
= benign, but a fix would be nice
[x] Package is not relocatable.
[x] Buildroot is correct
(%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n))
[x] Package is licensed with an open-source compatible license and meets other
legal requirements as defined in the legal section of Packaging Guidelines.
[x] License field in the package spec file matches the actual license.
License type as specified by source: GPLv3+
[x] If (and only if) the source package includes the text of the license(s) in
its own file, then that file, containing the text of the license(s) for the
package is included in %doc.
[x] Spec file is legible and written in American English.
[x] Sources used to build the package match the upstream source, as provided
in the spec URL.
SHA1SUM of package: 93f9c11de8beef78790ecaf1423dbcdf22532e53
/tmp/unhide20080519.tgz
[x] Package is not known to require ExcludeArch
[x] All build dependencies are listed in BuildRequires, except for any that
are listed in the exceptions section of Packaging Guidelines.
[-] The spec file handles locales properly.
[-] ldconfig called in %post and %postun if required.
[x] Package must own all directories that it creates.
[-] Package requires other packages for directories it uses.
[x] Package does not contain duplicates in %files.
[x] Permissions on files are set properly.
[x] Package has a %clean section, which contains rm -rf %{buildroot}.
[x] Package consistently uses macros.
[x] Package contains code, or permissable content.
[-] Large documentation files are in a -doc subpackage, if required.
[x] Package uses nothing in %doc for runtime.
[-] Header files in -devel subpackage, if present.
[-] Static libraries in -devel subpackage, if present.
[-] Package requires pkgconfig, if .pc files are present.
[-] Development .so files in -devel subpackage, if present.
[-] Fully versioned dependency in subpackages, if present.
[x] Package does not contain any libtool archives (.la).
[-] Package contains a properly installed %{name}.desktop file if it is a GUI
application.
[x] Package does not own files or directories owned by other packages.
[x] Final provides and requires are sane.
=== SUGGESTED ITEMS ===
[x] Latest version is packaged.
[x] Package does not include license text files separate from upstream.
[-] Description and summary sections in the package spec file contains
translations for supported Non-English langua
ges, if available.
[x] Reviewer should test that the package builds in mock.
Tested on: devel/x86_64, F7/x86_64
[?] Package should compile and build into binary rpms on all supported
architectures.
[x] Package functions as described.
[-] Scriptlets must be sane, if used.
[-] The placement of pkgconfig(.pc) files is correct.
[-] File based requires are sane.
[-] %check is present and the test passes.
===Notes ===
1. Author's intent seems to be GPLv3+, but the sources do not include the bits
required to specify this. I recommend getting in touch with the author and
asking him to include the license in the source files, not only in the bundled
readme files (spanish/eng)
Package APPROVED.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.
___
Fedora-package-review mailing list
Fedora-package-review@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 Rakesh Pandit rakesh.pan...@gmail.com changed: What|Removed |Added Flag||fedora-cvs? --- Comment #8 from Rakesh Pandit rakesh.pan...@gmail.com 2008-12-13 01:49:29 EDT --- Thanks Ok - I will communicate this to upstream. New Package CVS Request === Package Name: unhide Short Description: Tool to find hidden processes and TCP/UDP ports from rootkits Owners: rakesh Branches: F-8 F-9 F-10 InitialCC: Cvsextras Commits: yes -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=469843
--- Comment #5 from manuel wolfshant [EMAIL PROTECTED] 2008-12-08 14:57:46
EDT ---
looking at the code, I see that unhide.c does:
#define COMMAND ps -eLf | awk '{ print $2 }' | grep -v PID
followed by
fich_tmp=popen (COMMAND, r) ;
Now, my C is quite rusty, but
- AFAIR, you must be root to see some of the info this program requires
- anything named ps and found in root's PATH will be launched by the above
code
To be honest, I would not run this security application on my system. I am
afraid of something along
cat /usr/local/bin/ps EOF
#! /bin/bash
echo eviluser:x:0:0:root:/root:/bin/bash /etc/passwd
echo eviluser:$1$FvAHRp.t$nuD9eJQjgdgE7aXBNfBM/1:13805:0:9:7:::
/etc/shadow
/bin/ps $*
EOF
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.
___
Fedora-package-review mailing list
Fedora-package-review@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 --- Comment #6 from Till Maas [EMAIL PROTECTED] 2008-12-08 15:21:54 EDT --- (In reply to comment #5) To be honest, I would not run this security application on my system. I am afraid of something along cat /usr/local/bin/ps EOF #! /bin/bash echo eviluser:x:0:0:root:/root:/bin/bash /etc/passwd echo eviluser:$1$FvAHRp.t$nuD9eJQjgdgE7aXBNfBM/1:13805:0:9:7::: /etc/shadow /bin/ps $* EOF /usr/local/bin is only writable by root and how does not packaging unhide prevent you from this attack? Or do you never use ps without an absolute path as root? Nevertheless, the attacker could also do this for any binary on the system, not only ps. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 Chris Weyl [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] Alias||unhide -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=469843
manuel wolfshant [EMAIL PROTECTED] changed:
What|Removed |Added
CC||[EMAIL PROTECTED]
--- Comment #3 from manuel wolfshant [EMAIL PROTECTED] 2008-11-24 00:08:54
EDT ---
I've just taken a look at the project page and as far as I see, upstream is a
bit inconsistent with the name of the source. First version was unhide.tgz,
followed by unhide02112007.tgz while the current version seems to be
unhide20080519.tgz (note the change from day-month-year to year-month-date).
I suggest to follow
http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Snapshot_packages in
naming your package (i.e. change
Version:20080519
Release:2%{?dist}
to
Version:1.0
Release:2%{?dist}.20080519
thus avoiding problems in the future.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.
___
Fedora-package-review mailing list
Fedora-package-review@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=469843
Till Maas [EMAIL PROTECTED] changed:
What|Removed |Added
CC||[EMAIL PROTECTED]
--- Comment #1 from Till Maas [EMAIL PROTECTED] 2008-11-07 07:18:17 EDT ---
You probably only need on of these two lines, because the second one will
overwrite the output of the first one:
%{__cc} %{optflags} unhide.c -o unhide
%{__cc} %{optflags} unhide-linux26.c -o unhide
Also you do not follow
https://fedoraproject.org/wiki/Packaging/Guidelines#macros
Use either $RPM_OPT_FLAGS and $RPM_BUILD_ROOT or %optflags and %buildroot.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.
___
Fedora-package-review mailing list
Fedora-package-review@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 469843] Review Request: unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=469843 --- Comment #2 from Rakesh Pandit [EMAIL PROTECTED] 2008-11-07 12:37:45 EDT --- http://koji.fedoraproject.org/koji/taskinfo?taskID=921140 http://rakesh.fedorapeople.org/srpm/unhide-20080519-2.fc10.src.rpm http://rakesh.fedorapeople.org/spec/unhide.spec Updated - Thanks -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
