57701 2004-07-20 03:19 0000 app-admin/chkrootkit: strings-static is not static 2004-07-28 21:06:13 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified All All RESOLVED FIXED InCVS P2 normal --- 1 ka0ttic@gentoo.org solar@gentoo.org ka0ttic@gentoo.org 2004-07-20 03:19:12 0000 chkrootkit's strings-static binary is not statically compiled because of the line, "make strings || die" in the ebuild, since there is no "strings" target in the Makefile (but strings.c exists, so it builds it anyways instead of complaining). The fix is just to remove that line altogether, since strings-static gets built with the "sense" target. This also means we can get rid of the call to newsbin and just add strings-static to dosbin. ka0ttic@gentoo.org 2004-07-20 03:26:33 0000 Created an attachment (id=35801) 03-chkrootkit-0.43-r3.diff ka0ttic@gentoo.org 2004-07-24 14:03:05 0000 Created an attachment (id=36091) chkrootkit-0.43-r2.diff The other patch was an incremental patch based on an ebuild patched to fix another chkrootkit bug. So, here is the diff of the current chkrootkit-0.43-r2.ebuild solar@gentoo.org 2004-07-28 21:06:13 0000 playing ping pong with me guys? It must be destiny that this bug made it's way to me for a second time after I've already bounced this back to bug-wranglers@ before. Alot of chkrootkit internals were overridden by some patch (not your patch Aaron) which made it use everything dynamic. This is a flaw in the design on that patch as the goal should be to use known safe virus free programs/and dynamic linker and libraries to preform our tests. Consider a small LD_PRELOAD module which overrode these dynamic programs functions and hide the non trojaned values from us. This strings-static might be just one of the programs which are effected by this patch (not your patch Aaron). Anyway I've put this in CVS as-is to help return some of the sainity for forensics. 35801 2004-07-20 03:26 0000 03-chkrootkit-0.43-r3.diff 03-chkrootkit-0.43-r3.diff text/plain LS0tIGNoa3Jvb3RraXQtMC40My1yMi5lYnVpbGQJMjAwNC0wNy0yMCAwNjoyMzoyNy4wODQ3NDQw MDAgLTA0MDAKKysrIGNoa3Jvb3RraXQtMC40My1yMy5lYnVpbGQJMjAwNC0wNy0yMCAwNjoyMjoz My44NDE4MzgxNTIgLTA0MDAKQEAgLTI2LDExICsyNiwxMCBAQAogCiBzcmNfY29tcGlsZSgpIHsK IAltYWtlIHNlbnNlIHx8IGRpZQotCW1ha2Ugc3RyaW5ncyB8fCBkaWUKIH0KIAogc3JjX2luc3Rh bGwoKSB7Ci0JZG9zYmluIGNoa2RpcnMgY2hrbGFzdGxvZyBjaGtwcm9jIGNoa3Jvb3RraXQgY2hr d3RtcCBpZnByb21pc2MgfHwgZGllCi0JbmV3c2JpbiBzdHJpbmdzIHN0cmluZ3Mtc3RhdGljIHx8 IGRpZQorCWRvc2JpbiBjaGtkaXJzIGNoa2xhc3Rsb2cgY2hrcHJvYyBjaGtyb290a2l0IGNoa3d0 bXAgaWZwcm9taXNjIFwKKwkJc3RyaW5ncy1zdGF0aWMgfHwgZGllCiAJZG9kb2MgUkVBRE1FIFJF QURNRS5jaGtsYXN0bG9nIFJFQURNRS5jaGt3dG1wCiB9Cg== 36091 2004-07-24 14:03 0000 chkrootkit-0.43-r2.diff chkrootkit-0.43-r2.diff text/plain LS0tIGNoa3Jvb3RraXQtMC40My1yMi5lYnVpbGQJMjAwNC0wNy0yNCAxNjo1ODowOC4yNDkyODcx MDAgLTA0MDAKKysrIGNoa3Jvb3RraXQtMC40My1yMy5lYnVpbGQJMjAwNC0wNy0yNCAxNjo1OTox NC42OTY4MzE1MjkgLTA0MDAKQEAgLTI2LDExICsyNiwxMCBAQAogCiBzcmNfY29tcGlsZSgpIHsK IAltYWtlIHNlbnNlIHx8IGRpZQotCW1ha2Ugc3RyaW5ncyB8fCBkaWUKIH0KIAogc3JjX2luc3Rh bGwoKSB7Ci0JZG9zYmluIGNoZWNrX3d0bXB4IGNoa2xhc3Rsb2cgY2hrcHJvYyBjaGtyb290a2l0 IGNoa3d0bXAgaWZwcm9taXNjIHx8IGRpZQotCW5ld3NiaW4gc3RyaW5ncyBzdHJpbmdzLXN0YXRp YyB8fCBkaWUKKwlkb3NiaW4gY2hlY2tfd3RtcHggY2hrbGFzdGxvZyBjaGtwcm9jIGNoa3Jvb3Rr aXQgY2hrd3RtcCBpZnByb21pc2MgXAorCQlzdHJpbmdzLXN0YXRpYyB8fCBkaWUKIAlkb2RvYyBS RUFETUUgUkVBRE1FLmNoa2xhc3Rsb2cgUkVBRE1FLmNoa3d0bXAKIH0K