[Bug 1808882] Re: false positive on tcpd

Thomas Ward teward at thomas-ward.net
Thu Feb 7 17:24:04 UTC 2019 

Updated cosmic patch due to duplicate patch being included in d/patches.

** Patch removed: "chkrootkit debdiff for Cosmic"
   https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1808882/+attachment/5233951/+files/lp1808882-cosmic.debdiff

** Patch added: "chkrootkit debdiff for Cosmic (v2)"
   https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1808882/+attachment/5236789/+files/lp1808882-cosmic.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1808882

Title:
  false positive on tcpd

Status in chkrootkit package in Ubuntu:
  Triaged
Status in chkrootkit source package in Bionic:
  Triaged
Status in chkrootkit source package in Cosmic:
  Triaged
Status in chkrootkit source package in Disco:
  Triaged
Status in chkrootkit package in Debian:
  New

Bug description:
  [Impact]

  chkrootkit will return false positives for tcpd detections as
  "infected" when tcpd is not present on a system.

  [Test Case]

   * Install chkrootkit, run chkrootkit checks.
   
   * Without the patch, chkrootkit should return "INFECTED" in its detections for tcpd.

   * With the debdiff, it should say "not present" or "not infected".

  [Regression Potential]

   * Regression risk is limited.  The only change with this patch and
  debdiff is that we reinitialize the CMD variable in the test to
  "empty" before utilizing CMD, which clears the bug if "/bin/tar" from
  the previous test being still used in the script for testing tcpd.  No
  other chkrootkit bits are, based on my testing, affected by this
  change.

  [Other Info]
   
   * Patch was provided by Francois Mariner from Debian

  [Original Description]

  This has apparently been a thing since at least 16.04

  Install a clean version of Ubuntu, install chkrootkit, run a check.

  tcpd will report as infected.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: chkrootkit 0.52-1
  ProcVersionSignature: Ubuntu 4.15.0-42.45-lowlatency 4.15.18
  Uname: Linux 4.15.0-42-lowlatency x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  CurrentDesktop: MATE
  Date: Mon Dec 17 18:30:29 2018
  InstallationDate: Installed on 2018-12-05 (12 days ago)
  InstallationMedia: Ubuntu-MATE 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
  SourcePackage: chkrootkit
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1808882/+subscriptions

More information about the Ubuntu-sponsors mailing list