Comment 2 for bug 279752

Alexander Perlis (alexanderperlis) wrote : Re: [Bug 279752] Re: chkrootkit kills random processes

Hi Kees,

Thanks for your prompt attention. Just to clarify my possible misunderstanding, does "Status: New => Invalid" mean this won't get fixed in Hardy?

Hardy is supposed to be an "LTS" release and we plan to stick with it for a couple years, so this being already fixed in the development release (presumably Intrepid?) is wonderful but meanwhile what are Hardy users to do? Because random processes get killed (and we have already seen this happen to one of our user stations and one of our servers), I believe this should be considered a security issue in Hardy and fixed in Hardy.

(Perhaps you're already planning to do so, and I misunderstood the meaning of "Status: New => Invalid".)

Thanks.
Alexander

----- Original Message ----
From: Kees Cook <email address hidden>
To: <email address hidden>
Sent: Tuesday, October 7, 2008 11:40:20 AM
Subject: [Bug 279752] Re: chkrootkit kills random processes

Thanks for taking the time to report this bug and helping to make Ubuntu
better. I have marked it as public, since it is not a private issue.
Additionally, this has already been fixed in the development release
(which has chkrootkit 0.48-5). Please feel free to report any other
bugs you may find.

** Changed in: chkrootkit (Ubuntu)
     Assignee: (unassigned) => Kees Cook (kees)
       Status: New => Invalid

** Visibility changed to: Public

--
chkrootkit kills random processes
https://bugs.launchpad.net/bugs/279752
You received this bug notification because you are a direct subscriber
of the bug.

Status in “chkrootkit” source package in Ubuntu: Invalid

Bug description:
To test for Enye LKM, chkrootkit 0.47-1.1 blindly sends a signal to PID 12345 without regard as to what might be running at PID 12345, which might be a crucial daemon related to system security or system access. It is common to run chkrootkit on a regular basis as a cron job. Because of the potential to randomly kill an important process, this should be considered a security bug.

This has been fixed in Debian chkrootkit 0.47-2. See Debian bug report #421864, and also Debian bug report #457828.

I suggest Ubuntu make the same fix and get it into the security updates for hardy. Thanks!
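
The failure mode in the bug description, as an added example that is not part of the original report and is neither chkrootkit's code nor the Debian fix: a fixed-PID signal probe sent blindly, next to one that first checks whether a real process occupies that PID. The names `guarded_probe` and `bystander_survives` are hypothetical, and SIGTERM stands in for the scanner's probe signal, which the report does not give.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum probe_result { PROBE_SKIPPED_PID_IN_USE, PROBE_NO_SUCH_PROCESS, PROBE_SIGNAL_ACCEPTED };

/* Deliver `sig` to `pid` only when no process is visible there. kill(pid, 0)
 * performs the existence and permission checks without delivering a signal.
 * A process could still be created at `pid` between the two calls, so this
 * narrows the window rather than closing it. */
enum probe_result guarded_probe(pid_t pid, int sig)
{
    if (kill(pid, 0) == 0 || errno == EPERM)
        return PROBE_SKIPPED_PID_IN_USE;      /* a real process owns this PID */
    if (kill(pid, sig) == 0)
        return PROBE_SIGNAL_ACCEPTED;         /* accepted although nothing was visible */
    return PROBE_NO_SUCH_PROCESS;
}

/* Constructed demo: fork a bystander child, probe its PID either blindly or
 * through the guard, and return 1 if the child is still running afterwards.
 * SIGTERM stands in for the scanner's probe signal (an assumption). */
int bystander_survives(int guarded)
{
    struct timespec tick = { 0, 10 * 1000 * 1000 };   /* 10 ms */
    int status, alive = 1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { signal(SIGTERM, SIG_DFL); pause(); _exit(0); }
    if (guarded) guarded_probe(child, SIGTERM);
    else kill(child, SIGTERM);                        /* blind send, as in the report */
    for (int i = 0; i < 50 && alive; i++) {           /* allow up to ~0.5 s to exit */
        if (waitpid(child, &status, WNOHANG) == child) alive = 0;
        else nanosleep(&tick, NULL);
    }
    if (alive) { kill(child, SIGKILL); waitpid(child, &status, 0); }
    return alive;
}

int main(void)
{
    printf("blind probe:   bystander survives = %d\n", bystander_survives(0));
    printf("guarded probe: bystander survives = %d\n", bystander_survives(1));
    return 0;
}
```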