[Bug 1808882] Re: false positive on tcpd

Steve Langasek steve.langasek at canonical.com
Fri Feb 8 23:17:16 UTC 2019 

Hello Ryan, or anyone else affected,

Accepted chkrootkit into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/chkrootkit/0.52-1ubuntu0.1 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: chkrootkit (Ubuntu Bionic)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1808882

Title:
  false positive on tcpd

Status in chkrootkit package in Ubuntu:
  Fix Released
Status in chkrootkit source package in Bionic:
  Fix Committed
Status in chkrootkit source package in Cosmic:
  In Progress
Status in chkrootkit source package in Disco:
  Fix Released
Status in chkrootkit package in Debian:
  New

Bug description:
  [Impact]

  chkrootkit will return false positives for tcpd detections as
  "infected" when tcpd is not present on a system.

  [Test Case]

   * Install chkrootkit, run chkrootkit checks.
   
   * Without the patch, chkrootkit should return "INFECTED" in its detections for tcpd.

   * With the debdiff, it should say "not present" or "not infected".

  [Regression Potential]

   * Regression risk is limited.  The only change with this patch and
  debdiff is that we reinitialize the CMD variable in the test to
  "empty" before utilizing CMD, which clears the bug if "/bin/tar" from
  the previous test being still used in the script for testing tcpd.  No
  other chkrootkit bits are, based on my testing, affected by this
  change.

  [Other Info]
   
   * Patch was provided by Francois Mariner from Debian

  [Original Description]

  This has apparently been a thing since at least 16.04

  Install a clean version of Ubuntu, install chkrootkit, run a check.

  tcpd will report as infected.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: chkrootkit 0.52-1
  ProcVersionSignature: Ubuntu 4.15.0-42.45-lowlatency 4.15.18
  Uname: Linux 4.15.0-42-lowlatency x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  CurrentDesktop: MATE
  Date: Mon Dec 17 18:30:29 2018
  InstallationDate: Installed on 2018-12-05 (12 days ago)
  InstallationMedia: Ubuntu-MATE 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
  SourcePackage: chkrootkit
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/1808882/+subscriptions

More information about the Ubuntu-sponsors mailing list