** Description changed: + [Impact] + + chkrootkit will return false positives for tcpd detections as "infected" + when tcpd is not present on a system. + + [Test Case] + + * Install chkrootkit, run chkrootkit checks. + + * Without the patch, chkrootkit should return "INFECTED" in its detections for tcpd. + + * With the debdiff, it should say "not present" or "not infected". + + [Regression Potential] + + * Regression risk is limited. The only change with this patch and + debdiff is that we reinitialize the CMD variable in the test to "empty" + before utilizing CMD, which clears the bug if "/bin/tar" from the + previous test being still used in the script for testing tcpd. No other + chkrootkit bits are, based on my testing, affected by this change. + + [Other Info] + + * Patch was provided by Francois Mariner from Debian + + [Original Description] + This has apparently been a thing since at least 16.04 Install a clean version of Ubuntu, install chkrootkit, run a check. tcpd will report as infected. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: chkrootkit 0.52-1 ProcVersionSignature: Ubuntu 4.15.0-42.45-lowlatency 4.15.18 Uname: Linux 4.15.0-42-lowlatency x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 CurrentDesktop: MATE Date: Mon Dec 17 18:30:29 2018 InstallationDate: Installed on 2018-12-05 (12 days ago) InstallationMedia: Ubuntu-MATE 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) SourcePackage: chkrootkit UpgradeStatus: No upgrade log present (probably fresh install)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1808882 Title: false positive on tcpd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1808882/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
